Virtual  vibe  Microsoft's  first  virtual  server  software  package 
brings  with  it  licensing  and  support  challenges.  PAGE  8. 


Squeeze  play  Data  compression  has  been  around  for 

years,  but  recent  incarnations  give  the  technology  new  life.  PAGE  24. 
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A  Wider  Net 

This  ISP  flatfoot  enjoys 
giving  spammers  the  boot 

Bellyaching 
bad  guys 
just  part 
of  the  job. 

■  BY  CARA 
GARRETSON 

W  most  trying  part  of  Louis  Rush’s  job  is  confronting 

scofflaws,  some  of  whom  are  hardened  criminals, 
I  to  inform  them  they’ve  been  caught.  Often  defen¬ 
sive,  sometimes  cocky  these  would-be  felons  threaten  Rush  and 
dare  him  to  stop  them.“I  already  have,”  is  Rush’s  response,  as  he 
cancels  their  account  with  ISP  EarthLink. 

Rush,  an  investigator  with  EarthLink’s  abuse  team  at  the  com¬ 
pany’s  headquarters  in  Atlanta,  wields  the  power  to  disconnect 
spammers  and  other  offenders  from  their  lifelines  by  cancel¬ 
ing  their  accounts.  Rush  learns  about  abusers  from  complaints 

See  Investigator,  page  59 
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Voice  apps  spreading 
as  standards  mature 


Cisco,  3Com  fire  up 
new  WAN  routers 


■  BY  PHIL  HOCHMUTH 

Cisco  this  week  is  scheduled  to 
announce  a  complete  refresh  of 
its  enterprise  WAN  access  routers, 
promising  customers  a  menu  of 
faster  and  more  reliable  hard¬ 
ware  for  running  security 
and  VoIP  services  at  the 
WAN  edge. 

Cisco’s  new  1800,  2800 
and  3800  Integrated  Service 
Routers  will  combine  VoIP 
VPN,  firewall  and  intrusion-detec¬ 
tion  system  (IDS)  support.  Cus¬ 
tomers  today  have  to  add  these 
capabilities  with  modules  and 
IOS  software  upgrades.The  boxes 
will  replace  current  1700,2600 
and  3700  offerings  and  deliver 
more  services  with  better  per¬ 
formance  in  one  platform, 


Cisco  says. 

Despite  its  80%  enterprise 
router  market  share,  Cisco  faces 
more  competition  than  ever  and 
needs  this  refresh  to  counter  the 


momentum  of  Juniper,  which  an¬ 
nounced  its  first  corporate  edge 
products  in  May 
Cisco  also  has  to  worry  about 

See  Routers,  page  16 
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I  CLEAR  CHOICE  I 


1NE0EH99 

Double  your  broadband, 
double  your  fun 


We  tested  five  dual-WAN  routers  and  SonicWall’s  TZ 170 
came  out  on  top  based  on  its 
excellent  security 
controls  and 
flexible 
firewall  rules. 


Page  45 


Show  spotlights  wireless  innovation 


■  BY  ANN  BEDNARZ 

Voice  technology  is  making  its 
way  into  more  mainstream  uses 
thanks  to  standards-based  tech¬ 
nologies  displacing  expensive, 
proprietary  platforms. 

One  of  those  applications  is 
Rex,  a  disposable  prescription 
bottle  with  embedded  text-to- 
speech  technology  that  can  read 


medication  details  in  a  computer¬ 
generated  voice  at  the  push  of  a 
button.  Tony  Mariano,  co-founder 
of  MedivoxRx  Technologies,  came 
up  with  the  idea  for  Rex  when  a 
visually  impaired  friend  wound 
up  in  the  hospital  after  mistakenly 
taking  the  wrong  medicine. 

Mariano  is  among  those  sched¬ 
uled  to  speak  at  this  week’s 
See  Speech,  page  14 


■  BY  JOHN  COX 

LA  JOLLA,  CALIF  —  Even  with¬ 
out  the  summer  humidity  vendor 
was  to  pitch  their  products  in  a 
matter  of  6  minutes  to  a  crowd  of 
jaded  venture  capitalists,  fellow 
executives  and  journalists. 

In  its  sixth  year,  Demomobile 
highlighted  new  mobile  and  wire¬ 
less  products,  covering  applica¬ 
tions,  client  devices  and  infra¬ 
structure.  The  show,  produced  by 
Network  World's  Events  &  Exec¬ 
utive  Forums  group,  featured  35 
vendors  ranging  from  early-stage 
start-ups  to  established  public 
companies.  Together  the  group 


has  reaped  $142  million  in  ven¬ 
ture  investment. 

For  some  vendors,  the  presenta¬ 
tions  were  easyTve  done  this  kind 


of  thing  lots  of  times.  I  told  my 
[presenting]  team  I  had  complete 
faith  in  them.  It’s  called ‘delegating 

See  Demomobile,  page  60 


Cool  Tools  at  Demomobile 


Cool  Tools  columnist 
Keith  Shaw  samples 
some  of  the  hot  products 
introduced  at 
Demomobile.  One  of  his 
favorites  is  ViewSonic's 
Wireless  Media  Gateway, 
which  can  store  digital 
media  and  stream  it  to  a 
TV  or  stereo.  Page  38. 
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Want  to  simplify  your  data  center  and  make  it  more  cost  effective?  Try  the  IBM  eServer  BladeCenter  HS20  system 
with  powerful  Intel®  Xeon™  processors.  Why?  It’s  from  the  #1  blade  server  vendor,  IBM.1  And  designed  to  integrate  the 
functions  you  need  with  brilliant  simplicity.  Server,  network  and  storage  resources  are  rigorously  tested  to  enable  seam¬ 
less  integration.  So  BladeCenter  HS20  systems  are  easy  to  manage  the  day  they  arrive  and  can  help  lower  TCO.  For 
more  information  about  the  most  in-demand  blade  servers  for  the  on  demand  world,  visit  ibm.com/eserver/advantage 


5  reasons  more  and  more  businesses  are  turning  to  IBM  eServer™  BladeCenter™  systems  with  Intel  Xeon  processors. 


Scale  out  simply 

IBM  Director  systems 

Up  to  83%  fewer  cables 

Mainframe-inspired 

24/7/365  optional  onsite 

on  demand. 

management. 

than  stand-alone  servers. 

technologies. 

hardware  support.2 

mmm 


@  server" 


The  IBM  eServer  BladeCenter  HS20  system 
with  Intel  Xeon  processors  isn’t  just  powerful 
and  scalable;  it’s  surprisingly  simple. 


Based  on  FY2003  worldwide  blade  server  revenue  and  shipments,  IOC's  Worldwide  Quarterly  Server  Tracker,  February  2004.  'Additional  charges  apply.  Standard  support  includes  next-business-day  response  in 
some  countries.  IBM.  the  e-business  logo,  eServer.  the  eServer  logo  and  BladeCenter  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other 
countries.  Intel,  Intel  Inside,  the  Intel  Inside  logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product  and 
service  names  may  be  trademarks  or  service  marks  of  others.  ©2004  IBM  Corporation.  All  rights  reserved. 


The  SecureUtnx  product  family  is  a  complete  data  center  solution. 

>  SecureLinxSLC-  Console  management  (shown) 

>  SecureLinxSLK-  Remote  KVM™  over  IP 

>  SecureLinx  SLR- Power  management 


SecureLinx 


When  you  absolutely  can’t  get  to  your  IT  equipment... 
get  there  anyway.  The  data  center  is  the  lifeblood  of  your 
business.  Even  a  short  period  of  downtime  can  be  a  major 
problem,  so  when  something  does  go  wrong  you  need  to 
be  able  to  address  it  instantly.  With  SecureLinx  SLC,  you 
can  minimize  or  eliminate  downtime  and  keep  your 
business  afloat! 


SecureLinx  SLC  console  managers  from 
Lantronix  give  you  consolidated  access  so 
you  can  control,  diagnose  and  repair 
virtually  everything  in  the  data  center  via  their  serial  ports. 
You  gain  total  out-of-band  management  of  all  your 


Linux,  Unix  or  Windows®  2003  servers  (as  well  as  routers, 
switches,  telecom  equipment  and  building  access  devices) 

And  you  can  access  it  from  anywhere  over  the  Internet - 
even  if  the  network  is  down  -  with  the  confidence  of  the 
highest  level  of  security  available.  SecureLinx  SLC  features 
SSL  and  SSH  encryption.  Plus,  it’s  the  only 
console  manager  with  a  NIST-certified 
implementation  of  Advanced  Encryption 
Standards.*  Best  of  all,  it’s  easier  and  less 
expensive  to  implement  than  you  may  think. 

Don’t  let  your  data  center  ever  go  under! 

Call  Lantronix  today. 


Visit 

www.lantronix.com/info/ad001  cl 

for  your  free  console 
management  white  paper. 


LANTRONIX* 

Network  anything.  Network  everything 

www.lantronix.com  I  (800)422-7055 


Lantronix,  2004.  Lantronix  is  a  registered  trademark,  and  SecureLinx  and  Remote  KVM  are  trademarks  of  Lantronix,  Inc  *As  of  August  2004,  SecureLinx  SLC  is  the  only 
console  manager  with  a  NIST-certified  implementation  of  Advanced  Encryption  Standards  as  specified  by  FIPS-197  (Federal  Information  Processing  Standards). 


News 


■  8  Microsoft  takes  aim  at  virtual  server  market. 

■  10  Nortel  enhancements  paving  way  for  advanced  multimedia  applications. 

■  10  Start  up  makes  open  source  CRM  play. 

■  12  Data  protection,  management  wares  debut. 

■  12  Relocation  company  moves  worms  out  of  its  path. 

■  16  Symantec  service  to  fight  phishing. 

■  17  Vendors  unveil  new  security  lines  of  defense. 


Infrastructure 

■  19  ForcelO  raises  the  10G  bar, 
again. 

■  19  XOsoft  can  recover  failed 
application  servers. 

■  20  Intel  sets  sights  on  parallel 
processing. 

■  21  Kevin  Tolly:  Microsoft: 
Sitting  duck  —  with  baggage. 

■  24  Special  Focus:  As  data 
compression  evolves,  savings  grow. 

Enterprise 

Applications 

■  25  Google-mania'  ignites  search 
technology. 

■  25  Vintela  upgrades  policy 
management  package. 

■  26  Scott  Bradner: 

Unwiring  cities. 

Service  Providers 

■  29  VoIP:  Just  what  the  doctor 
ordered. 

■  30  Johna  Till  Johnson: 

A  telecom  history  lesson. 


The  WiFlyer  will  let  you  use  a 
Wi-Fi  connection  from  your 
laptop  to  the  Internet  via 
dial-up.  Page  38. 
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■  33  Start-up  challenges  GoToMyPC 
desktop  dominance. 

■  33  Enterprise  wireless  LAN 
security  for  small  offices. 

■  34  Toni  Kistner:  As  telework 
grows,  so  does  congestion. 

Technology 

Update 

■  37  Proposed  standard  simplifies 
Virtual  Private  LAN  Service. 

■  37  Steve  Blass:  Ask  Dr. 

Internet. 

■  38  Mark  Gibbs:  Dicing  with 
DSL. 

■  38  Keith  Shaw:  Some  really 
cool  stuff  at  Demomobile. 

Opinions 

■  40  On  technology:  Stirring 
up  the  IT  pot. 

■  41  Joel  Snyder:  A  VoIP 
security  plan  of  attack. 

■  41  Linda  Musthaler:  Leave 
social  networks  at  home. 

■  62  BackSpin:  SP2  confounds 
the  world. 

■  62  'Net  Buzz:  'Net  abuse  sur¬ 
vey  says  4%  of  workers  are  morons. 

■  55  Career  classifieds. 
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Strategies 

■  49  Crime  and  punishment: 
Corporations  pay  the  price  when  they 
don't  adequately  protect  customer 
data. 


Features 


CLEAR  CHOICE  p 
TEST 


Dual-WAN  routers: 

Double  your  Internet 
pleasure,  double  your  fun:  We  test 
five  dual-WAN  routers.  Page  45. 
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l  Exclusive 

Network  World  Fusion  Radio: 

Interoperability  testing  and  IPv6 

IPv6  and  its  benefits  have  been  touted  for  years,  but  only  recently  has 
it  been  added  to  the  central  name  servers  run  by  ICANN.  Now  the 
Multiservice  Switching  Forum  is  adding  IPv6  testing  to  its  upcoming 
GMI 2004  interoperability  demonstration,  Chris  Daniel,  vice  president  of 
the  MSF  board,  joins  the  program  to  discuss  IPv6  and  GMI  2004. 
DocFinder:  3739 

Audio  Primer:  IPv6 

Get  the  skinny  on  IPv6  and  what  it  means  for  your  network  and  the 
'Net  as  a  whole,  DocFinder:  3740 


; Columnists 

The  Wireless  Wizards 

Controlling  bandwidth  for  guest  users 

A  user  asks  the  Wizards  how  to  control  the  amount  of 
wireless  bandwidth  guests  on  his  network  are  able  to  use. 

No  one  wants  a  guest  sapping  the  bandwidth  by  downloading 
movies  and  music  (legally,  of  course), 

DocFinder:  3742 

Help  Desk 

Protecting  Unux  servers 

Columnist  Ron  Nutter  helps  a  user  figure  out  the  best  way  to 
build  a  firewall  for  his  company's  new  Linux  boxes. 

DocFinder:  3743 


You've  Got  the  Power  Survey 

Spread  your  influence  by  casting  your  votes  in  this  first-of-its-kind 
survey  gauging  crucial  questions  of  industry  power,  from  executive 
hairstyles  to  comedic  appeal,  DocFinder:  3236 


Small-Business  Tech 

New  back-up  options  for  hurricane  season 
Columnist  James  Gaskin  takes  a  timely  look  at  new  back-up 
options  for  those  staring  a  hurricane  in  the  eye. 

DocFinder:  3744 


Seminars  and  Events 


Weekly  Webcast  Newsletter 

Our  weekly  newsletter  delivers  information  on  Webcasts  on  Network 
World  Fusion  —  your  24-7  source  for  solutions  and  strategies,  with 
links,  resources  and  answers  you  need.  Covering  topics  such  as 
security,  applications  and  wireless,  our  Webcasts  are  focused,  single¬ 
topic  briefings  from  technology  experts. 

DocFinder:  2542 


■  CONTACT  US  Network  World,  118Turnpike  Road,  Southborough, 
MA  01772;  Phone:  (508)  460-3333;  Fax:  (508)  490-6438; 

E-mail:  nwnews@nww.com;  STAFF:  See  the  masthead  on  page  14 
for  more  contact  information.  REPRINTS:  (717)  399-1900 
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SUBSCRIPTIONS/CHANGE  OF  ADDRESS:  Phone:  (508)  490-6444; 
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HomeLAN  Adventures 

HP  lands  in  the  living  room 

Senior  Reviews  Editor  Keith  Shaw  runs  down  HP's  new  home 
entertainment  offerings  and  what  they  mean  for  the  family 
tech  support  person. 

DocFinder:  3745 

Breaking  News 

Go  online  for  breaking  news  every  day.  DocFinder:  6342 

Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  toDics. 

DocFinder:  6343 


What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 


Microsoft  extends  block  on  auto  installs 

H  Microsoft  last  week  added  120  days  to  the  time  a  special  registry 
key  will  block  the  automatic  installation  of  Windows  XP  Service 
Pack  2.  Corporations  that  use  the  Automatic  Updates  feature  of  XP 
originally  were  given  a  reprieve  on  automatic  installation  until  Aug. 
16.The  date  has  now  been  extended  to  Dec.  14.  Automatic  Updates 
users  had  requested  a  way  to  stop  the  download  of  the  service 
pack  to  have  time  to  adequately  test  their  applications  against 
security  changes  in  XP  SP2.  Microsoft  responded  with  a  special  reg¬ 
istry  key  that  blocks  XP  SP2  but  allows  the  download  of  other 
updates  and  patches  via  Automatic  Updates. 

Oracle  one  step  closer  to  PeopleSoft  takeover 

■  A  federal  judge  last  week  ruled  that  Oracle  can  proceed  with  its  bid  for  PeopleSoft,  thus 
removing  one  obstacle  preventing  the  hostile  acquisition.  The  ruling  rejects  the 
Department  of  Justice’s  anti-trust  claims,  contending  the  plaintiffs  failed  to  demonstrate 
that  the  merger  of  Oracle  and  PeopleSoft  is  likely  to  significantly  lessen  competition  for 
business  software.  The  decision  is  a  setback  for  PeopleSoft  and  a  blow  to  the  Justice 
Department,  but  it’s  far  from  a  green  light  for  Oracle’s  15-month  takeover  battle.  Oracle  still 
has  to  deal  with  PeopleSoft s  “poison  pill,”  an  anti-takeover  provision  in  its  bylaws  that  lets 
it  manipulate  its  shares  to  make  a  hostile  acquisition  prohibitively  expensive. 

McAfee  IPS  earns  government  seal 

■  McAfee’s  intrusion-prevention  system  IntruShield  has  become  the  first  IPS  to  earn  the 
“Common  Criteria”  product-testing  certification  issued  by  the  federal  government’s 
National  Information  Assurance  Program,  which  is  jointly  managed  by  the  National 
Institute  of  Standards  and  Technology  and  the  National  Security  Agency  The  Level  3 
Common  Criteria  certification  earned  by  IntruShield  will  let  the  commercial  off-the-shelf 
product  be  considered  for  purchase  by  the  Department  of  Defense  for  some  high-securi¬ 
ty  environments  where  certification  is  required. The  Common  Criteria  certification  also  is 
accepted  by  some  European  and  Asian  countries,  which  also  might  have  preferences  for 
products  that  have  passed  the  evaluation  and  test  procedures  in  accredited  labs. 

Cisco  to  acquire  NetSolve 

■  Cisco  channel  partners  will  be  able  to  offer  real-time  monitoring  of  enterprise  net¬ 
works  after  the  company’s  planned  acquisition  of  NetSolve,  which  was  announced  last 
week.  NetSolve  sells  a  service  that  remotely  monitors  the  performance,  health  and  sta¬ 
tus  of  data  networks  and  can  diagnose  problems  and  provide  troubleshooting.  Cisco 
will  let  channel  partners  provide  the  NetSolve  technology  to  enterprise  customers  as 
part  of  their  service  and  support  offerings.  Customers  will  get  a  view  into  the  network 
through  a  Web  portal,  and  the  channel  partners  will  be  able  to  use  the  monitoring  infor¬ 
mation  to  give  better  support,  Cisco  said.  Cisco  will  buy  all  outstanding  shares  of  pub- 


OMPENDIUM 

The  armies  of  the  night 

The  Internet  Storm  Center  reported  last  week  that  a  Norwegian  carrier 
discovered  and  shut  down  an  IRC-controlied  “zombie"  army  of  10,000  infected 
PCs.  Netcraft  provides  some  background  on  botnets  and  their  recent  attacks  at 

www.nwfusion.com,  DocFinder:  3750. 
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TheGoodTheBadTheUgly 


Want  fries  with 

that  song?  Critics 
of  the  music  industry's 
legal  efforts  to  protect 
copyrights  have  long  argued  that 
the  industry  should  instead 
new  business  models  and 
marketing  strategies.  Such 
critics  should  be  cheered 
by  a  deal  between  AOL 
Music  and  Burger  King 
that  will  offer  Whopper 
buyers  a  free  song  download. 

The  Sony  Connect  music  service 
and  McDonald's  launched  a 
similar  pitch  this  summer.  > 


Sasser  aftermath.  German  prosecutors,  in  indicting  an  18-year-old 
student  for  allegedly  creating  the  Sasser  worm  that  hit  networks  this  year,  say  143 
victims  of  the  worm  have  filed  charges  claiming  damages  of  $158,000.  However, 
because  many  businesses  and  individuals  seldom  report  such  damages,  the  damages 
could  be  much  higher,  a  spokesman  for  the  prosecutors  says.  The  defendant  could 
face  up  to  five  years  in  jail  for  computer  sabotage,  but  experts  say  his  previously 
clean  record  makes  that  unlikely. 

®  Spam  enabler?  Internal  e-mails  from  Sawis  Communications  have  surfaced 
on  the  Internet  that  show  the  St.  Louis  ISP  catered  to  e-mail  marketing  companies 
it  suspected  of  sending  out  unsolicited  commercial  e-mail.  A  company  executive 
acknowledged  that  Sawis  may  have  aided  spammers,  but  said  the  company  was  a 
victim  of  poor  organization  and  internal  communication  about  a  mushrooming  spam 
problem  after  the  March  acquisition  of  competitor  Cable  &  Wireless.  The  company 
is  now  taking  steps  to  kick  spammers  off  its  network  and  mend  fences  with  the 
anti-spam  community. 


licly  held  NetSolve  for  $1 1  per  share,  for  a  total  of  about  $128  million.  Because  NetSolve 
has  approximately  $40  million  in  cash,  the  effective  cost  of  the  acquisition  will  be  about 
$90  million  to  $95  million. 

Study  notes  single-day  spam  record 

■  Spurred  by  back-to-school  sales  and  political  pitches,  spam  accounted  for  82%  of  all 
inbound  e-mail  processed  in  August  and  made  up  90%  of  all  mail  sent  during  one  spam- 
filled  day  last  month,  according  to  an  e-mail  security  firm.  FrontBridge  Technologies  said 
it  blocked  2.5  billion  spam  messages  in  August  of  3.1  billion  messages  processed  that 
month.  The  e-mail  storm  reached  a  peak  Aug.  30,  when  90%  of  all  the  messages  Front- 
Bridge  processed  were  spam,  the  company  said.The  one-day  high  of  90%  topped  the  pre¬ 
vious  one-day  concentration  of  spam  of  85%,  set  in  June,  the  company  said.  FrontBridge, 
which  offers  e-mail  management  and  security  services  for  companies,  compiled  its  data 
from  more  than  2,200  global  customers  and  15,000  e-mail  domains. 

FGG:  Broadband  explosion  continuing 

■  The  number  of  broadband  users  in  the  U.S.  nearly  tripled  in  the  past  two  and  a  half 
years  to  more  than  48  million  subscribers,  according  to  a  report  released  last  week  by 
the  FCC.  High-speed  lines  providing  connectivity  of  more  than  200K  bit/sec  in  at  least 
one  direction  almost  tripled  from  June  2001  to  December  2003,  from  9.6  million  lines  to 
28.2  million  lines,  according  to  the  FCC  report.The  number  of  subscribers  to  advanced 
services  providing  connection  speeds  of  more  than  200K  bit/sec  in  both  directions  has 
more  than  tripled  since  the  FCC’s  last  report,  from  5.9  million  lines  in  June  2001  to  20.3 
million  lines  in  December  2003.  Cable  modem  and  DSL  services  provided  the  majority 
of  advanced  services  lines,  with  cable  representing  75.3%  and  DSL  representing  14.9%. 
The  percentage  of  cable  lines  increased  from  the  2001  report,  when  56%  of  broadband 
lines  were  cable,  according  to  the  FCC. 
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Policy-managed  connectivity 
that  doesn’t  limit  how 
or  where  they  work. 

Now,  everywhere  is  There. 


FOR  SECURITY  REASONS, 
WE’RE  RESTRICTING 
THE  MOVEMENTS  OF 
YOUR  MOBILE  USERS. 
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■Pass 

Enterprise  Connectivity  Services 


Can  you  guard  your  corporate  network 
without  grounding  your  mobile  workforce? 
With  iPass,  they're  good  to  go.  The  iPass' 
Endpoint  Policy  Management  service  makes 
sure  users  are  updated  with  the  right  security 
measures  before  they  log  on,  automatically 
finding  and  fixing  problems  on  the  fly.  So 
you  can  stop  worrying,  and  your  workers  can 
keep  working — everyThere  they  go. 


Get  the  iPass  Security 
Best  Practices  Guide. 

www. iPossIsThere.com 
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Microsoft's  virtual  server  ruffles  feathers 


■  BY  JOHN  FONTANA  AND  DENI  CONNOR 

Microsoft  this  week  is  scheduled  to  take 
its  first  step  into  server  virtualization  with 


the  release  of  Virtual  Server  2005,  but  the 
company  will  face  a  rash  of  technological, 
licensing  and  support  challenges  before  it 
can  claim  success. 


Corporate  users  are  aware  that  Virtual 
Server  2005,  which  lets  multiple  operating 
systems  run  on  a  single  physical  machine, 
is  heavily  Windows-centric  and  lacks  the 
performance  capabilities  and  feature  set  of 
other  virtualization  architectures. 

In  addition,  Microsoft’s  software  licensing 
has  not  been  altered  to  accommodate  vir¬ 
tualization  —  leaving  users  with  savings  on 
hardware  when  consolidating  servers  but 
not  on  software. 

Also  questions  are  arising  about  Micro¬ 
soft’s  plan  to  support  Windows  operating 
systems  when  they  are  running  on 
Virtual  Server  2005  but  to  deny  support 
when  those  same  operating  systems  run 
on  another  vendor’s  virtual  machine 
technology. 

“One  of  our  concerns  is  the  Microsoft 


product  will  be  very  Microsoft-specific,” 
says  Allan  Campbell,  director  of  IT  archi¬ 
tecture  for  MassMutual  Financial  Group  in 
Springfield,  Mass.“We  are  looking  at  Linux 
and  we  want  our  virtualization  strategy  to 
support  that,  and  so  we  are  concerned 
about  Microsoft’s  real  commitment  to  sup¬ 
porting  Linux  on  their  virtual  platform.” 

Virtual  Server  2005,  which  requires 
Windows  Server  2003  as  the  “host”  operat¬ 
ing  system  under  Virtual  Server,  supports 
Linux  as  a  “guest”  operating  system  running 
inside  a  virtual  machine,  but  Windows  NT 
and  2000  are  the  featured  guest  operating 
systems. 

“There  are  optimizations  that  we  will  do 
to  make  sure  that  Windows  performs  the 
best  in  that  guest  environment  so  that  we 
can  actually  tune  it  for  a  virtual  machine 
environment,”  says  Eric  Berg,  group  prod¬ 
uct  manager  for  Windows  Server. “And  you 
can  expect  to  see  slower  performance  on 
those  operating  systems  that  are  not  tuned 
for  that  environment.” 

That  deference  to  Windows,  in  part,  is 


why  Campbell  is  using  VMWare’s  ESX  virtu¬ 
alization  platform  to  consolidate  roughly 
80  Windows  servers  onto  four  eight-way 
IBM  servers.  Microsoft’s  support  policy  is 
the  reason  Campbell  almost  exclusively 
uses  those  virtual  machines  for  testing  and 
development,  and  not  in  production. 

“VMWare  is  not  an  officially  supported 
platform  for  Microsoft,”  Campbell  says.  “If 
we  have  a  problem  with  the  Windows  soft¬ 
ware  they  don’t  have  to  give  us  support 
unless  we  can  recreate  the  problem  on  a 
physical  server.” 

The  support  issue  is  different  with  Virtual 
Server  2005  —  Microsoft  will  support  ver¬ 
sions  of  Windows  that  run  on  virtual 
machines,  according  to  Microsoft’s  Berg. 

Campbell  says  he  is  pleased  Microsoft  is 
taking  virtualization  seriously  but  that  the 


company  will  have  to  answer  licensing 
and  support  questions. 

Microsoft  has  not  altered  its  licensing  and 
the  company  says  it  doesn’t  plan  to  do  so 
in  the  near  future,  leaving  users  to  pay  for 
each  server  within  each  virtual  machine. 

In  fact,  license  pricing  is  an  industry-wide 
concern.  Novell  and  IBM  license  SuSE 
Linux  and  AIX,  respectively,  per  server  and 
not  per  virtual  machine.  Red  Hat  Linux 
licenses  its  software  per  virtual  machine. 

“Licensing  software  for  a  static  entity  is 
the  old  way  of  doing  things,”  says  Gordon 
Haff,  an  analyst  with  Illuminata.That  won’t 
be  acceptable  going  forward  and  won’t 
correspond  to  how  users  are  running  appli¬ 
cations  and  systems  using  virtualization.” 

In  addition  to  those  lingering  issues,  users 
have  technology  hurdles  to  clear. 

Peter  Sellers,  analyst  for  desktop  LAN 
engineering  at  DTE  Energy  in  Detroit,  has 
been  testing  Virtual  Server  for  a  year  and 
likes  the  technology  but  is  stymied  by  two 
features:  support  for  the  Virtual  Network 
See  Microsoft,  page  60 


Digital  Document  Security 
and  IT:  Everything  you 
need  to  know. 


#  What  are  the  most  significant  digital  copier 

•  security  issues? 

A#  Various  copier  print  controllers  are  actually  servers 
•  that  queue  and  permanently  store  multiple 
document  files,  providing  administrator  access  to  the 
documents.  At  a  minimum,  most  digital  copiers  retain  the 
last  document  processed;  some  even  retain  multiple 
documents  totaling  hundreds  of  pages.  Others  redirect 
print  jobs  when  the  printer  is  busy  or  jammed,  making 
"denial  of  service"  attacks  possible. 


How  does  Sharp  protect  the  network  interface? 

A#  The  Sharp  Ethernet  card  allows  administrators  to 
•  restrict  access  and  disable  unnecessary  protocols. 
With  this  network  card,  the  Sharp  digital  copier  is 
essentially  protected  by  its  own  firewall. 

i  #  How  can  you  be  sure  that  security  products 
actually  perform  as  claimed? 

A#  The  Common  Criteria  program — administered  by 
•  the  U.S.  National  Security  Agency  and  the  National 
Institute  of  Standards  and  Technology — evaluates 
security  solutions.  Products  that  are  validated  under  the 
program  meet  security  levels  consistent  with  ISO  15408 
methodology. 


How  can  Sharp  improve  IT  security? 

A#  Sharp  offers  print  privacy  solutions  designed  to 
•  restrict  unauthorized  personnel  from  seeing 
confidential  materials.  Copier  access  can  be  controlled 
and  monitored,  while  documents  retained  in 
printer/copier/scanner/fax  memory  are  immediately 
cleared  to  eliminate  unauthorized  access. 
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How  secure  is  your  digital  information? 


Protect  your  information  with  the  Data  Security 
Kit  from  Sharp.  Financial  facts,  personnel  records, 
customer  lists:  networked  copiers/printers  process 
sensitive  information  every  day.  Unfortunately,  their 
hard  drives  can  also  be  accessed  via  the  network, 
contributing  to  $60  billion  worth  of  information 
theft  every  year.*  To  protect  this  weak  link  in  your 


corporate  security,  we've  created  our  Data  Security 
Kit.  It's  the  first  copier  and  printer  protection  to 
be  validated  by  Common  Criteria,  a  government- 
sponsored  program,  and  it's  available  only  with 
our  Digital  IMAGER™  series  of  copiers/printers. 
Sharp's  Data  Security  Kit.  Enhanced  information 
protection  at  your  fingertips,  sharpusa.com/security 
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Nortel  upgrading  IP  PBX,  media  server 

New  capabilities  are  designed  to  streamline  deployment  of  advanced  applications. 


Converged  conferencing 

Nortel’s  upgraded  Media  Convergence  Server  and 
Succession  Communication  Serverware  designed  to 
handle  presence,  multimedia  conferencing  and  other 
applications  regardless  of  end-user  device.  The  MCS 
now  works  with  legacy  phones  in  addition  to  IP  phones 
and  the  IP  PBX  now  supports  SIP. 
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■  BY  PHIL  HOCHMUTH 

Nortel  this  week  is  expected  to 
announce  upgraded  IP  PBX  and 
enterprise  multimedia  confer¬ 
ence  servers  designed  to  simplify 
the  deployment  of  advanced 
applications  such  as  presence 
management  and  multimedia 
conferencing. 

The  promise  of  such  applica¬ 
tions  is  to  help  employees  be 
more  productive  and  to  cut  costs 
on  external  teleconference  ser¬ 
vices  by  hosting  conferencing  as 
an  internal  application  running 
across  a  private  IP  network  or 
over  the  Internet,  Nortel  says. 

The  company  is  adding  Session 
Initiation  Protocol  (SIP)  to  its  IP 
PBX,  the  Succession  Commun¬ 
ication  Server  1000,  and  is 
enabling  its  Media  Convergence 
Server  (MCS)  5100  multimedia 
server  to  work  with  legacy  analog 
and  digital  phones,  in  addition  to 
the  IP  phones  it  has  supported  for 
several  years. 

Version  3.0  of  the  MCS  5100  and 
4.0  of  the  Communication  Server 
1000  are  in  trials  at  Franklin  Olin 
College,  an  engineering  school  in 
Needham,  Mass.  Giving  students 
and  staff  a  converged  desktop 
application  for  communications 
is  one  driver  for  deploying  the 


MCS  on  campus, says  Joanne  Kos¬ 
suth,  the  school’s  CIO. 

“That  service  will  appeal  to 
students  spending  a  semester 
abroad,”  she  says,  noting  that  it 
will  let  them  stay  in  touch  with 
professors  and  friends  online 
through  Nortel’s  Converged 
Desktop. That  client  application 
integrates  VoIP  and  IP  video 
conferencing,  e-mail  and  chat 
applications. 

The  IP  PBX  and  media  server 
upgrades  let  businesses  extend 
the  Converged  Desktop  applica¬ 
tion  to  support  legacy  Nortel  dig¬ 
ital  and  analog  phone  sets.  An 
end  user  with  a  PC  and  an  old 
TDM-based  Meridian  handset 
could  use  the  phone  in  multime¬ 
dia  conferencing  and  click-to- 
dial  applications  that  are  sup¬ 
ported  on  Nortel  IP  phone  and 
softphone  products. 

“When  doing  one  of  these  IP 
telephony  implementations,  one 
of  the  huge  expenses  is  the 
phone  sets,”  says  Bob  Hafner, 
director  of  research  for  Gartner. 
Offering  ability  to  use  multime¬ 
dia  applications  with  legacy 
handsets  could  be  a  compelling 
selling  point  for  businesses 
unsure  about  upgrading  to  VoIP 
he  says. 

“When  it  comes  to  telephony 


replacement,  pretty  much  every¬ 
one  has  a  good  enough  [IP  PBX] 
product,”  Hafner  says.  “Where  the 
differentiation  occurs  is  when 


you  look  at  the  multimedia  fea¬ 
tures  in  the  products.”  He  says 
MCS  is  ahead  of  offerings  from 
Cisco  and  Avaya  in  terms  of  con¬ 


verged  applications  and  on  par 
with  products  from  such  vendors 
as  Alcatel  and  Mitel. 

Communication  Server  4.0 
costs  $640  per  user  —  not  includ¬ 
ing  phones.  Pricing  information 
was  not  available  on  Version  3.0 
of  the  MCS  5100. 

In  addition  to  the  MCS 
and  Communication  Server 
upgrades,  Nortel  is  coming  out 
with  Version  22  of  its  Alteon  OS, 
with  the  ability  to  balance  SIP 
traffic  loads.  When  deployed  on 
Nortel’s  Alteon  Layer  4-7  switch¬ 
es,  the  software  will  let  businesses 
balance  SIP-based  VoIP  and  mul¬ 
timedia  traffic  across  servers, 
making  these  services  more  reli¬ 
able  and  stable,  the  vendor  says. 
The  software  upgrade  with 
SIP  load  balancing  costs  $12,000 
and  is  scheduled  to  be  available 
next  month. 

Also  new  on  the  hardware  front 
at  Nortel  are  two  BayStack  5520 
switches  with  10/1 00/ 1 000M 
bit/sec  and  Power  over  Ethernet 
features.The  switches  come  in  24- 
and  48-port  versions,  and  can  be 
stacked  to  run  as  a  single  virtual 
switch.  The  24-port  switch  costs 
$6,000,  and  the  48-port  model 
costs  $8,000.  Both  switches  are 
scheduled  to  be  available  in 
November.  ■ 


Start-up  makes  open  source  CRM  play 


■  BY  ANN  BEDNARZ 

SugarCRM  is  hedging  its  bets  that  corpo¬ 
rations  are  sick  of  paying  high  licensing 
fees  for  CRM  software.  The  5-month-old 
Cupertino,  Calif.,  company  last  week  an¬ 
nounced  a  new  version  of  its  freely  avail¬ 
able  salesforce  automation  software,  plus 
the  addition  of  subscription-based  techni¬ 
cal  support  and  training  services. 

“We  saw  this  huge  wave  of  open  source 
building,  and  we  saw  various  layers  of  the 
infrastructure  software  stack  maturing, ’’says 
John  Roberts,  CEO  of  SugarCRM.  Com¬ 
mercial  open  source  companies,  such  as 
Red  Hat  with  its  Linux-based  operating  sys¬ 
tem  software  and  JBoss  with  its  open- 
source  application  server,  have  begun  to 
get  attention  from  corporate  users.  Sugar¬ 
CRM  decided  the  same  model  could  work 
for  business  applications. 

E-commerce 

Subscribe  to  our  free  newsletter. 
DocFinder:  5434  www.nwfusion.com 


“So  we  all  resigned  in  April  and  started 
writing,”  Roberts  says. 

The  “we”  refers  to  Roberts;  Clint  Oram, 
SugarCRMs  vice  president  of  products  and 
services;  and  Jacob  Taylor,  vice  president  of 
engineering.  The  three  left  commercial 
CRM  software  maker  E.piphany  to  launch 
the  start-up.  At  E.piphany  Roberts  was  di¬ 
rector  of  product  management,  Oram  was 
a  senior  product  manager,  and  Taylor  was  a 
senior  development  manager  in  charge  of 
platform  infrastructure  and  services. 

The  company  is  building  CRM  applica¬ 
tions  around  the  so-called  LAMP  stack  of 
open  source  infrastructure  software, 
which  includes  the  Linux  server  operating 
system,  Apache  Web  server,  MySQL  data¬ 
base  and  PHP  Web  development  lan¬ 
guage.  The  software  also  can  run  on  Mi¬ 
crosoft  Windows  and  Internet  Information 
Server,  Roberts  says. 

The  vendor’s  first  application, Sugar  Sales, 
launched  in  July  It  includes  traditional 
salesforce  automation  features  such  as 
account,  contact,  opportunity  and  lead 
management.  Since  its  debut,  users  have 


downloaded  nearly  20,000  copies,  and  it 
has  been  translated  into  nine  languages, 
Roberts  says. 

This  week  SugarCRM  is  releasing  Sugar 
Sales  1.5,  which  includes  an  import  tool  to 
help  users  migrate  data  from  competing 
mid-market  CRM  applications  —  including 
Salesforce.com,  Best  Software’s  Act!  and 
SalesLogix  products,  and  Microsoft  CRM. 

Sugar  Sales  1.5  users  have  the  option  of 
licensing  SugarCRMs  new  Windows- 
based  Outlook  plug-in,  which  lets  Outlook 
users  save  customer  e-mails  in  Sugar  Sales 
for  sales  activity-tracking  purposes,  for 
example. 

Also  last  week,  SugarCRM  launched  its 
Sugar  Sales  Professional  service,  which 
includes  installation  services,  technical 
support  and  administrator  training.  Fees 
start  at  $149  per  user  for  the  first  year  and 
$239  per  user  thereafter. 

It’s  through  these  subscription  services 
that  SugarCRM  expects  to  take  in  revenue. 
The  approach  is  similar  to  that  of  rival 
ComPiere,  which  also  relies  on  a  service 
model  to  fund  its  development  of  open 


source  ERP  and  CRM  applications.  Down 
the  road  SugarCRM  intends  to  release  addi¬ 
tional  business  applications:  Sugar  Mark¬ 
eting  is  due  out  this  fall,  and  Sugar  Service 
is  due  early  next  year. 

Whether  the  world  is  ready  for  SugarCRM 
remains  to  be  seen.  Gartner  rates  the  matu¬ 
rity  of  open  source  business  applications 
as  “embryonic,”  and  says  products  are  used 
in  less  than  1%  of  small  and  midsize  busi¬ 
nesses.  “The  lack  of  standards,  and  the  siz¬ 
able  effort  needed  to  get  a  large  packaged 
application  off  the  ground,  limits  the 
applicability  of  the  open  source  develop¬ 
ment  model,”  Gartner  analyst  Nikos  Drakos 
wrote  in  a  recent  evaluation  of  open 
source  software  markets. 

Bill  Claybrook,  president  of  New  River 
Marketing  Research,  agrees  the  implemen¬ 
tation  requirements  of  large  corporations 
will  challenge  any  CRM  start-up  — 
whether  it’s  an  open  source  or  proprietary 
software  maker.  In  addition,  competition 
from  proprietary  CRM  vendors  such  as 
Siebel,  SAP  and  PeopleSoft  will  be  “huge,” 
Claybrook  says.  ■ 
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Be  cool,  Mr.  “I  Have  Security  Issues.” 
Nokia  has  you  covered. 


NAME:  Mr.  “I  Have  Security  Issues”  QUOTE:  “Is  it  safe?” 


CHALLENGE:  He  knows  that  always-on  connectivity  demands 
always-on  security.  Even  as  threats  change,  requests  for 
data  increase  and  budgets  get  tighter. 


N  OKI  AS  ANSWER  FOR  I.T.:  Nokia  Firewall  Appliance 


MEETS  HIS  NEEDS  by  enabling  the  rapid 
deployment  of  security  application  from 
Check  Point  Software  Technologies  on  purpose- 
buiit  Nokia  appliances.  Also,  with  a  track 
record  of  over  100,000  Nokia  installations, 
it  keeps  his  blood  pressure  down. 

MEETS  HIS  COMPANY’S  NEEDS  by  improving 
productivity  through  better  security  and  data 
availability,  and  by  offering  leading  price/ 
performance.  Whew! 


Learn  how  to  mobilize  your  team  and  increase  business 
productivity.  Download  “The  Anytime,  Anyplace  World’ 
white  paper  at  nokiaforbusiness.com 
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rotection,  mgmt  wares  debut 


m BY  DENI  CONNOR 


Computer  Associates  and  start¬ 
ups  InMage  and  Softek  are 
expected  to  unveil  software  and 
hardware  this  week  that  helps  IT 
professionals  manage  and  pro¬ 
tect  the  storage  on  their  networks. 

Among  the  announcements: 

•  CA  is  introducing  software 
that  manages  the  automation  of 
frequently  performed  manual 
tasks  for  its  BrightStor  line  of  data 
protection  and  storage-area  net¬ 
work  (SAN)  management  prod¬ 
ucts.  The  company  also  is  com¬ 
bining  15  BrightStor,  Unicenter 
and  eTrust  products  in  BrightStor 
rl  1.1. 

•  InMage,  a  data-continuity 
company  is  previewing  its  contin¬ 
uous  back-up  and  instantaneous 
recovery  software. 

•  Softek  is  unveiling  new  perfor¬ 
mance  management  software 
that  integrates  with  its  storage 
resource  management  products; 
the  company  also  is  introducing 
enhancements  to  several  other 
products  in  its  software  line. 

Analysts  say  customers  need  to 
pay  more  attention  to  the  man¬ 
agement,  backup  and  recovery  of 
networked  storage  data. 

“Backup  and  recovery  is  one 
of  the  most  painful  operations  in 
the  data  center,”  says  Stephanie 
Balaouras,  senior  analyst  with 


The  Yankee  Group.  “It’s  the  most 
time-consuming  and  the  most 
error-prone  process,  yet  it’s  so 
important.” 

Balaouras  says  products  like 
BrightStor  that  provide  a  single 
interface  for  backup,  recovery 
and  archiving  also  are  important, 
as  is  management  software  such 
as  Softek’s  that  helps  users  man¬ 
age  the  utilization  of  storage 
resources. 

“SAN  management  ranked  sec¬ 
ond  behind  backup  and  recovery 
as  the  most  time-consuming  task,” 
Balaouras  says.  “Most  large  enter¬ 
prises  have  more  than  one  SAN 
and  have  built  these  SANs  with 
heterogeneous  network  equip¬ 
ment  and  software.  Improving 
SAN  management  with  a  central¬ 
ized  tool  is  becoming  increasingly 
important.” 

BrightStor  rll.l  integrates  15 
separate  data-protection  prod¬ 
ucts,  including  the  company’s 
ARCserve  Backup  for  Windows, 
NetWare,  Linux  and  Unix  with  its 
BrightStor  SAN  Designer,  Bright¬ 
Stor  CA-Disk,  hierarchical  storage 
and  document  management 
products.  BrightStor  rll.l  will  be 
priced  based  on  the  terabytes  of 
storage  under  management. 

Frank  Tramontano,  CTO  for 
Pace  University  in  White  Plains, 
N.Y,  has  seen  the  benefits  of 
integration. 


Storage  visions 

These  companies  last  week  unveiled  data  protection  and  storage  management  products. 


Company 

Product 

Type  of  product 

Features/enhancements 

Computer 

Associates 

BrightStor  rll.l 

Data  protection  and 
backup 

Integrates  15  BrightStor  products  under  same 
umbrella;  introduces  automation  management. 

InMage 

Amethyst  (code 
name) 

Continuous  data 
protection 

Business  process-based  backup  and  recovery. 

Softek 

PerformanceTuner 

Storage  performance 
analysis 

Integrates  performance  management  with 
storage  resource  management,  tunes,  profiles, 
correlates  and  alerts  based  on  thresholds. 

Network 

Intelligence 

Engine  LS  series 
cluster 

Storage  array 

Stores  data  for  regulatory  compliance. 

“The  integration  into  other  CA 
products  I  have  such  as  Uni¬ 
center  Network  and  Systems 
Management  and  ServicePlus 
Service  Desk  is  a  real  plus,”  he 
says. 

“Aside  from  that,  the  new  multi¬ 
plexing  capability  of  ARCserve 
allows  me  to  back  up  several 
servers  to  the  same  tape  library 
at  the  same  time,”  he  says.  “With 
the  multiplexing  capability  I  can 
now  back  up  the  network  in  24 
hours,  rather  than  55  hours.” 

Pace  University  has  more  than 
14,000  students,  a  few  thousand 
employees  and  more  than  5T 
bytes  of  data  on  100  servers. 

Meanwhile,  InMage  is  creating 
software  that  provides  not  only 


continuous  data  recovery  but 
also  business  continuity  Its  prod¬ 
uct,  code-named  Amethyst,  dif¬ 
fers  from  other  continuous  data- 
protection  software  from  compa¬ 
nies  such  as  Mendocino  Soft¬ 
ware,  Revivio  and  XOsoft  in  that 
it  is  sensitive  to  business  process¬ 
es  rather  than  just  time. 

For  instance,  if  a  company  is 
using  InMage’s  software  to  back 
up  its  accounting  database  and 
the  system  fails  right  after  the 
company  closes  its  quarterly 
books,  Amethyst  can  roll  back 
the  database  to  just  before  the 
closing,  preserving  the  integrity 
of  the  data  to  that  event. 

InMage  was  co-founded  in 
2001  by  Kumar  Malavalli,  co¬ 


Relocation  services  firm  digs  out  worms 

Spate  of  trouble  prompted  Sirva  to  turn  to  ForeScout  for  help. 


■  BY  ELLEN  MESSMER 

Relocation  services  firm  Sirva 
was  hit  so  hard  by  the  wave  of 
computer  worms  and  viruses  that 
swept  the  Internet  this  time  last 
year,  that  preventing  future  attacks 
became  a  top  priority  for  the 
company 

The  Westwood,  Ill.,  global  giant, 
with  $2.2  billion  in  annual  rev¬ 
enue,  includes  the  Allied  and 
North  American  Van  Lines,  and 
Trans  International  and  Hoults 
Removal  Group  in  Europe  and 
Asia.  The  computer  worms  and 
viruses  that  started  hitting  Sirva  in  late  August 
2003  —  including  Blaster,  Nachi  and  SoBig.F 
—  disrupted  the  company’s  network  and 
e-commerce  operations  so  seriously  that 
upper  management  couldn’t  help  but  notice. 

“The  experience  of  the  worms  getting  into 
the  network  had  the  impact  of  an  outage,” says 
Ann  Harten,  CIO  and  senior  vice  president  at 
Sirva.  “1  was  in  Europe  when  this  happened 


The  Nachi  worm  played 
havoc  on  us.99 


Ann  Harten 

CIO,  Sirva 


and  so  was  our  CEO. We  experienced  firsthand 
what  was  going  on.” 

“The  Nachi  worm  played  havoc  on  us,” caus¬ 
ing  massive  network  congestion,  Harten  says. 
Nachi,  also  known  as  the  Welchia  worm,  gen¬ 
erates  what  is  often  a  crippling  level  of 
increased  network  traffic  and  exploits  vulner¬ 
abilities  in  unpatched  Windows  machines  to 
try  to  remove  the  Blaster  worm. 


Much  to  everyone’s  horror,  viruses 
also  began  altering  business  data  in 
Sirva  computers.  Under  the  on¬ 
slaught  of  the  virus  and  worm  siege, 
employees  were  forced  to  revert  to 
manual  processes  to  get  through 
several  days  while  the  IT  depart¬ 
ment  cleaned  up  the  mess  in  the 
machines. 

Ted  Kozenko,  senior  manager  of 
security,  and  Chuck  Shmayel,  vice 
president  of  infrastructure  and  secu¬ 
rity,  say  Sirva  has  improved  its  soft¬ 
ware-patching  process,  primarily 
through  more  regular  updates  of 
Windows  servers  and  desktops.  But 
the  traumatic  events  of  last  year  also  prompt¬ 
ed  the  IT  department  to  shop  for  a  worm-killer. 

As  a  foundation  defense  they  chose  two 
products  from  ForeScout  Technologies  that 
detect  early  signs  of  worm  activity  such  as 
incessant  scanning.  Because  WormScout  and 
Active  Scout  look  for  worm  behavior  rather 
than  the  specific  signature  of  known  worms, 

See  Sirva,  page  59 


founder  of  Fibre  Channel  switch 
vendor  Brocade  Communica¬ 
tions,  and  is  funded  with  $7.3 
million  from  Hummer  Winblad 
and  Malavalli. 

“InMage  is  a  company  to  keep 
an  eye  on,”  Balaouras  says.“Their 
product  can  be  software-only  or 
installed  on  an  industry-stan¬ 
dard  server.  They  do  instant 
recovery  and  continuous  data 
protection,  but  they’ll  soon  be 
offering  backup  and  archiving 
functionality  from  the  same 
management  console.” 

Sources  indicate  that  InMage’s 
Amethyst  will  be  able  to  run  on 
Brocade’s  Fibre  Channel  direc¬ 
tor-level  switches.  Softek  is 
enhancing  its  Storage  Manager, 
Space  Optimizer  and  SANView 
products,  as  well  as  introducing 
a  product  that  monitors  perfor¬ 
mance  and  builds  profiles  of  typ¬ 
ical  performance.  It  also  corre¬ 
lates  elements  of  a  SAN  such  as 
Fibre  Channel  switches,  and  gen¬ 
erates  alerts  based  on  the  dura¬ 
tion  and  frequency  of  perfor¬ 
mance  relative  to  acceptable 
thresholds. 

For  its  part,  Softek  Storage  Man¬ 
ager  2.5  can  manage  500  million 
files  from  a  single  console,  and 
supports  Windows  Server  2003 
and  the  Apache  Web  server. 
Space  Optimizer  now  supports 
SuSE  Enterprise  Linux  Server 
and  Novell’s  NetWare. 

The  company’s  SANview  soft¬ 
ware  now  can  manage  EMC 
Symmetrix  DMX  and  Clariion 
arrays,  and  Hitachi  Lightning 
arrays.  It  also  now  supports  de¬ 
vices  that  conform  to  the  Storage 
Management  Industry  Specifica¬ 
tion,  a  standard  for  managing 
heterogeneous  devices. 

Softek  Storage  Manager  starts 
at  $25,000;  Softek  Performance 
Tuner  starts  at  $4,000;  and  Softek 
SANView  starts  at  $  13,000.  ■ 


Chances  are  you  won’t  get  fired  for  buying  an  IPSec  or  SSL  VPN. 

Here’s  why  you  should  be. 


Yiur  boss  hired  you  for  two  reasons.  One:  to  make  bold  decisions  that  improve  productivity.  Two:  to  make  your  boss  look  good.  Achieve 
both  goals  by  choosing  a  Net6  Hybrid-VPN.  Unlike  IPSec  VPNs,  it  provides  users  with  remote  access  through  firewalls,  prevents  the  traversal 
of  worms,  and  practically  eliminates  client  maintenance  costs.  And  SSL-VPN  weaknesses?  They’re  history.  Our  Hybrid-VPN  Gateway  supports 
all  applications  right  out  of  the  box.  No  changes,  costly  connectors  or  webification  needed.  Now  you  have  a  decision  to  make.  Tell  your  boss 
you’re  buying  a  Net6  Hybrid-VPN.  Or  buy  a  traditional  VPN  and  hope  he  never  reads  this  ad.  To  learn  more,  visit  WWW.net6. COITl/hybrid 
and  request  the  Hybrid-VPN  technical  white  paper.  MfffilHirr'  lilif 


©  2004  Net6  and  Net6  Hybrid-VPN  Gateway  are  trademarks  of  Net6,  Inc. 
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Speech  news 

Scores  of  vendors  are  using  SpeechTek  to  launch  their  latest  wares.  Here  are  a  handful  of  announcements  expected 

at  the  show. 


Vendor: 

Edify 

Intervoice 

LumenVox 

Nuance 

TuVox 

Product: 

Voice  Banking 

Omvia  Control  Center 

Speech  Recognition 
Engine,  LV  Speech 
Tuner,  and  Speech 
Driven  Information 
System 

VocalizerText-To- 

Speech 

Perfect  Router 

Significance: 

New  banking 
application  uses 
speech-enabled  self- 
service  interface  that 
automates  typical 
customer  requests 
such  as  getting  account 
information,  changing  a 
PIN  and  transferring 
funds. 

New  management  tool 
monitors  Intervoice’s 
voice-automation 
systems. 

Version  5.0  product  now 
supports  VoiceXML 
standards;  Speech 
Tuner  supports  third- 
party  speech- 
recognition  platforms. 

Enhanced  prompt- 
creation  tools  let 
companies  replace 
voice-recorded  portions 
of  systems  with  text-to- 
speech  functions  to 
trim  deployment  costs. 

New  speech-enabled 
call-routing  application 
uses  conversational 
dialogs  to  identify  what 
callers  want  and  route 
them  to  the  appropriate 
destinations  without 
operator  handling. 

Speech 

continued  from  page  1 

SpeechTek  conference  in  New 
York.  The  semiannual  SpeechTek 
trade  show  focuses  on  products 
and  services  based  on  voice 
technologies.  About  3,000  atten¬ 
dees  and  106  exhibitors  are 
expected  at  the  show,  according 
to  event  organizers. 

SpeechTek  organizers  devel¬ 
oped  conference  tracks  for  key 
industries,  including  financial  ser¬ 
vices,  healthcare,  insurance,  gov¬ 
ernment  and  utilities. 

The  speech  recognition 
market  grew  in  2003  for 
the  first  time  in  several 
years,  rising  about 

6% 

from  $113  million  to 
$120  million,  according 
to  Gartner. 


Speech  vendors,  too,  have 
honed  their  wares  for  individual 
market  sectors  to  improve  adop¬ 
tion.  Edify  is  launching  an  auto¬ 
attendant  application  for  banks 
that  automates  typical  customer 
requests  such  as  changing  a  PIN 
and  transferring  funds. 

Similarly  VoiceGenie  Technolo¬ 
gies  will  debut  a  suite  of  speech 
applications  for  utility  compa¬ 
nies.  Its  NXP  Utilities  Suite  in¬ 
cludes  an  automated  meter-re- 
porting  system  that  lets  subscrib¬ 
ers  phone  in  their  service  meter 
readings,  and  an  emergency 
notification  system  that  lets  util¬ 
ity  companies  automatically 
deliver  outbound  calls  to  cus¬ 
tomers  via  a  telephony  or  Web 


interface. 

The  trend  to  develop  speech 
wares  geared  for  specific  vertical 
markets  is  a  sign  that  the  industry 
is  maturing,  says  Daniel  Hong, 
voice  business  analyst  at  Data- 
monitor.  After  gaining  experience 
with  general  speech  technolo¬ 
gies,  such  as  auto-attendant  appli¬ 
cations,  vendors  now  are  working 
to  translate  their  expertise  into 
vertical-specific  products,  Hong 
says. 

But  there’s  still  a  lot  of  work  to 
do. “In  general,  market  awareness 
of  speech  is  poor!’  Hong  says.  Up 
to  40%  of  the  largest  U.S.  compa¬ 
nies  still  have  only  one  speech 
application  deployed,  he  says. 
Smaller  companies  have  little  to 
no  knowledge  of  speech  tech¬ 
nologies. 

That’s  slowly  changing.  Im¬ 
proved  IT  spending  among  busi¬ 
ness  is  driving  interest  in  voice 
technology  deployments,  Hong 
says.  In  addition,  the  advent  of 
standards  such  as  VoiceXML,  and 
to  a  lesser  extent  the  Microsoft- 
based  Speech  Application  Lang¬ 
uage  Tags  specification,  have 
freed  companies  from  getting 
locked  into  expensive,  propri¬ 
etary  speech  platforms  and 
custom-developed  applications. 
“Across  the  board,  pricing  has 
declined,”  Hong  says. 

Reaching  the  masses 

These  lower  prices  are  ex¬ 
pected  to  spur  voice-enabled 
deployments.  Adoption  of  speech 
recognition  technologies  is  on 
the  rise,  according  to  Gartner.  The 
research  firm  says  shipments  of 
speech-recognition  telephony 
software  are  expected  to  triple 
between  2003  and  2008. 

Six  months  ago  at  the  spring 
SpeechTek  conference  in  San 
Francisco,  the  big  news  was  the 


debut  of  Microsoft’s  Speech 
Server  2004  products.The  launch 
marked  the  company’s  entry  into 
the  server-based  speech-recogni¬ 
tion  market,  where  it  competes 
with  vendors  such  as  Nuance 
Communications,  ScanSoft  and 
IBM. 

At  the  time,  Microsoft  touted 
the  simplicity  of  its  platform:  De¬ 
velopers  can  use  familiar  Micro¬ 
soft  tools  such  as  Visual  Studio 
.Net  to  build  voice-enabled  ap¬ 
plications,  and  Speech  Server 
runs  just  like  any  other  Microsoft 
server  product. 

Now  applications  based  on 
Speech  Server  are  beginning  to 
debut.  At  this  week’s  SpeechTek 
show,  Microsoft  partner  Pro¬ 
nexus  is  scheduled  to  unveil  its 
VeoConnect  speech-enabled 
auto  attendant  designed  for 
Speech  Server  2004.VeoConnect 
lets  callers  reach  any  depart¬ 
ment  or  employee  by  simply 
using  their  voice  instead  of  dial¬ 
ing  by  name. 

Pronexus  is  targeting  small 
and  midsize  businesses  that  tra¬ 
ditionally  have  been  priced  out 
of  high-end  voice-automation 
systems. 

Vocomo  also  is  aiming  for 
affordability  with  its  latest  interac¬ 
tive  voice-response  platform.  De¬ 
signed  for  converged  networks, 
Vocomo’s  new  VocomoVoice 
Response  for  VoIP  lets  companies 
deploy  customer  service  applica¬ 
tions  in  a  single,  IP-centric  net¬ 
work  without  investing  in  special¬ 
ized  hardware,  the  vendor  says. 

It’s  true  that  small  and  midsize 
companies  have  the  ability  to 
invest  in  speech,  Hong  says.  “It 
may  be  on  their  radar  now  more 
so  than  ever  before,”  he  says.  But 
on  the  radar  is  not  the  same  as  on 
the  budget.  It  still  could  take 
some  time  before  the  buying 


begins,  he  says. 

Caller  ID 

Speech  isn’t  just  for  customer- 
service  applications;  it  also  can 
play  a  role  in  enterprise  securityA 
pair  of  vendors  are  launching 
new  voice  authentication  wares 
at  SpeechTek. 

Vocent’s  DecisionMaker  2.0 
combines  voice  biometrics  and 
data  analysis  to  verify  caller 
identities  before  letting  them 
create  or  access  a  bank  account, 
for  example.  The  new  version  in¬ 
cludes  enhanced  reporting  tools 
for  auditing  and  logging  pur¬ 
poses,  and  a  refined  risk-model¬ 
ing  engine  designed  to  fight 
identity  theft. 

Similarly,  Diaphonics  uses 
voice  authentication  to  help 
companies  fight  fraud.  Its  Spike 
Server  confirms  the  identity  of 
callers,  records  voice  transac¬ 
tions  and  creates  a  searchable 
audit  trail  of  all  conversations. 
New  inversion  1.5  is  multi-tenant 
support  so  customers  can  provi¬ 
sion  multiple  applications  using 
a  single  Spike  server. 

While  voice  authentication  also 
is  getting  attention,  growth  hasn’t 
been  explosive,  Hong  says.  Many 
financial  institutions  are  at  the 
early  stage  of  evaluating  and 
piloting  the  technology.  But  they 
don’t  want  to  rush  to  deploy  a 
technology  that  lengthens  the 
duration  of  a  transaction  and 
potentially  could  alienate  cus¬ 
tomers,  he  says. 

Once  the  early  adopters  work 
out  the  kinks  of  how  the  technol¬ 
ogy  fits  into  telephone  transac¬ 
tion  processes, ,  implementations 
will  pick  up,  Hong  says.  “It  will 
happen  in  a  year  or  so.”  ■ 
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Middleware  is  Everywhere 


Can  you  see  it? 
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MIDDLEWARE  IS  IBM  SOFTWARE.  It’s  software 
that  automates  your  IT  systems  to  align  with  your  unique 
business  goals.  Open,  flexible,  end-to-end  solutions 
that  help  you  keep  up  with  customer  demands  on  your 
infrastructure.  It's  how  to  avoid  costly  interruptions  in 
service  and  fulfill  your  service  level  agreements.  It’s  how 
to  stay  on  top  of  your  game,  no  matter  what  size  you  are. 


1.  Star  footballer  heads  it  in  at  buzzer. 

2.  Fans  call  rival  fans  to  gloat. 

3. 300%  more  calls  flood  network. 

4.  IT  systems  sense  and  respond  instantly. 

5.  Telecom  scores  big  with  customers. 


Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/agility  03  DEMAND  BUSINESS 
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Routers 

continued  from  page  1 

low-cost  competition  from  Asia. 
This  week  3Com  will  launch  a 
high-end  edge  router  aimed  at 
undercutting  Cisco  on  price.  The 
box  is  derived  from  3Com’s  joint 
venture  with  Huawei. 

“Clearly  the  router  wars  are  on,” 
says  Zeus  Kerravala,  an  analyst 
with  The  Yankee  Group.  Over  the 
past  few  months,  Adtran,  Juniper 
and  Foundry  Networks  launched 
products  that  compete  with  those 
of  Cisco,  which  made  $5  billion  in 
router  sales  last  year.  Other  play¬ 
ers  include  Enterasys  Networks 
and  Nortel. 

For  Cisco,  the  1800,  2800  and 
3800  routers  represent  the  broad¬ 
est  upgrade  to  its  enterprise 
router  line  in  two  years.  Cisco  says 
the  new  routers  address  two 
major  concerns  of  customers:  the 
upgrade  costs  associated  with 


Cisco's  3800  router  is  part  of  the 
company’s  broadest  enterprise 
product  line  upgrade  in  two  years. 


stacking  service  modules  into 
previous  router  platforms;  and 
reliability  concerns  about  VPN, 
IDS,  firewall,  VoIP  and  other  ser¬ 
vices  running  on  a  single  proces¬ 
sor  in  one  box. 

The  2800  series  was  tested  this 
month  on  the  WAN  of  RBC  Dain 
Rauscher,  a  Minneapolis  retail 
brokerage  firm,  owned  by  RBC 
Financial  Group  in  Toronto.  The 
firm,  which  has  dual  2600s  de¬ 
ployed  throughout  its  180  offices 
in  the  U.S.,  plans  to  upgrade  its 
routers  to  the  2821  for  an  upcom¬ 
ing  IP  telephony  deployment. 

RBC  runs  firewall  services  and 
some  VoIP  on  its  2600s  now,  says 
Rich  Blesing,  managing  director 
of  infrastructure  services  for 
RBC.  But  deploying  the  2800s 
“wall  help  cut  the  expense  and 
the  labor  that  goes  into  upgrad¬ 
ing  routers,”  he  says,  because 
voice  and  security  services  are 
built  in. 

Users  and  analysts  familiar 
with  Cisco  routers  say  that 
adding  security  and  voice  fea¬ 
tures  —  through  IOS  and  memo¬ 
ry  upgrades  —  and  adding  ser¬ 
vice  modules  can  drive  up  the 
cost  of  a  box  by  anywhere  from 
50%  to  100%  the  devices  list 
price.  In  large  businesses  distrib¬ 
uted  across  multiple  sites  with 
hundreds  or  thousands  of 
routers,  those  costs  can  add  up 
fast. 


Cisco  says  its  routers  now  run 
embedded  processing  for  VoIP 
and  IPSec  VPN  encryption,  as 
well  as  IOS  firewall  packet 
inspection  and  IDS  functions. 
These  services  previously  ran  on 
various  service  modules  fitted 
into  older  routers,  and  they  used 
the  router’s  CPU  more  heavily 
The  new  architecture  lets  the 
embedded  services  talk  directly 
to  the  routers  system  memory 
freeing  up  the  router  CPU  for 
faster  packet  routing.  This  leaves 
room  for  more  service  blades, 
such  as  content  networking,  inte¬ 
grated  Unity  voice  mail  or  net¬ 
work  management  modules. 
Four-  and  nine-port  Ethernet 
switch  modules  are  available  for 
the  routers,  which  let  smaller 
offices  further  consolidate 
equipment. 

The  1800-3800  series  includes 
up  to  five  times  the  standard 
memory  shipped  with  previous 
1700-3700  series  routers,  Cisco 
says.  A  new  IOS  version  —  IOS 
12.3.8T  —  also  is  part  of  the  new 
product  line. 

Pricing  for  Cisco’s  Integrated 
Services  Router  3800  series 
ranges  from  $9,500  to  $13,500. 
The  2800  series  is  priced  from 
$1,700  to  $6,500,  and  the  1800 
series  will  start  at  $1,400. 

3Com  offerings 

3Com,  meanwhile,  will  uncover 
its  6000  series  router,  which 
includes  built-in  security  and  fast 
packet  processing.  But  the  ven¬ 
dor  says  its  router  —  starting  at 
$7,000  —  will  cost  30%  to  50% 
less  than  similar  Cisco  offerings. 

3Com  is  pitching  the  6000 
series  routers  at  businesses  that 
want  security  features  included 
as  standard. The  company  says  it 
is  offering  an  alternative  to  what 
it  calls  the  “nickel-and-dime” 
upgrades  Cisco  customers  must 
go  through  to  build  WAN  con¬ 
nectivity  firewall  and  VPN  into 
one  edge  device.  (Cisco  says  it 
addresses  this  issue  with  its  new 
offerings.) 

The  6000  includes  eight  slots 
for  WAN  interface  cards,  with 


3Com  says  its  new  series  6000 
router  costs  30%  to  50%  less  than 
similar  Cisco  offerings. 


support  for  T-l,  T-3  and  DS-3 
blades.  Software  support  is 
included  for  firewall,  IPSec  VPN, 
denial-of-service  attack  blocking 
(via  attack  signature  recogni¬ 
tion),  and  support  for  Layer  2 
and  Layer  3  MPLS  tagging.  The 
new  box  adds  to  3Com’s  other 
Huawei-based  Router  5000  WAN 
boxes,  announced  last  year. 

The  Ventura  Unified  School 
District  in  California  runs  a 
3Com-based  Gigabit  Ethernet 
metropolitan-area  network  over 
fiber,  which  connects  26  schools 
and  other  facilities.  The  network 
replaced  a  frame  relay  WAN  con¬ 
sisting  of  Cisco  2600  routers  two 
years  ago.  For  the  few  buildings 
not  on  the  fiber  grid,  the  district 
uses  3Com  Router  5000  series 
devices  with  multiple  T-3  lines. 

The  school  district  previously 
used  Cisco  2600  series  routers  in 
its  schools  connected  via  frame 
relay  Ted  Malos,  IT  director  for 
the  school  district,  says  he 
looked  at  a  Cisco  3700  series 
router  with  a  T-3  card,  which  cost 
about  $13,000,  but  chose  the 
3Com  Router  5000  because  it 
offered  nearly  equal  functionali¬ 
ty  for  about  $7,400.  As  the  school 
expands  to  more  sites  that  don’t 
have  access  to  fiber,  he  says  he 
would  consider  upgrading  to  the 
Router  6000  series  to  support 
multi-T-3  sites. 

Malos  says  the  only  issues  with 
the  3Com  routers  involved  sup¬ 
port  for  Cisco-based  protocols. 

“It  appeared  they  would  sup¬ 
port  some  proprietary  Cisco  pro¬ 
tocols,  such  as  [Enhanced  Inter¬ 
ior  Gateway  Routing  Protocol],” 
when  he  first  looked  at  the  3Com 
routers,  Malos  says.  “In  the  end, 
Cisco’s  attorneys  made  certain 


they  didn’t.” 

Cisco  sued  Huawei  last  year  for 
using  E1GRR  and  Huawei  took 
the  protocol  out  as  part  of  a 
court  settlement.  Malos  says  it 
would  have  been  nice  to  have 
EIGRP  running,  which  simplifies 
how  routers  identify  each  other 
on  a  WAN,  but  his  staff  worked 
around  the  issue. 

While  3Com  pushes  hard  into 
Cisco’s  turf,  the  routing  leader  is 
eyeing  Juniper  more  warily  as  its 
biggest  high-end  router  competi¬ 
tion  also  moves  into  the  enter¬ 
prise  WAN  edge  market.  After  ac¬ 
quiring  security  appliance  ven¬ 
dor  NetScreen  Technologies, 
Juniper  released  its  J-Series  WAN 
edge  routers  in  June,  which  will 
compete  with  Cisco’s  1700-3700 
and  the  1800-3800  series.  The  J- 
Series  is  scheduled  to  ship  this 
month. 

Juniper  says  its  routers  offer 
customers  better  security  and 


■  BY  CARA  GARRETSON 


software  reliability  than  Cisco’s, 
because  Juniper’s  Junos  soft¬ 
ware  has  a  modular-based  archi¬ 
tecture.  This  makes  the  code 
more  reliable  and  easier  to 
upgrade  and  maintain,  Juniper 
says. 

While  not  directly  referring  to 
Juniper,  Jeanne  Dunn,  a  Cisco 
marketing  director,  says,  “we’re 
seeing  competition  trying  to 
enter  the  enterprise  market  from 
the  service  provider  space.  But 
they’re  coming  in  at  a  technolo¬ 
gy  level  that’s  three  or  four  years 
behind  what  we’re  doing  now” 
Cisco’s  1800,  2800  and  3800 
Integrated  Service  Routers  are 
scheduled  to  ship  this  month. 
3Com’s  Router  6000  is  shipping 
now  and  starts  at  $7,000  for  the 
chassis.  Juniper’s  J-Series  also  is 
expected  to  ship  this  month.  ■ 
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Symantec  this  week  will  release  an  anti-fraud  service  designed  to  pro¬ 
tect  financial  institutions  and  retailers,  as  well  as  their  customers,  from 
phishing  attacks. 

Based  on  a  service  launched  last  year  by  Brightmail  —  the  anti-spam 
software  maker  that  Symantec  acquired  in  June  —  the  Online  Fraud 
Management  Solution  will  be  offered  to  organizations  such  as  credit 
card  companies, banks  and  retailers  that  often  communicate  with  their 
customers  via  e-mail  and  therefore  have  become  phishing  targets. 

Phishers  steal  identities  by  sending  e-mail  that  appears  to  come  from 
a  legitimate  organization  and  tricking  consumers  into  providing  per¬ 
sonal  and  financial  information  in  an  e-mail  response  or  on  a  Web  site. 

With  the  new  service,  Symantec  employs  Brightmail’s  spam-detection 
technology  to  spot  phishing  e-mails,  namely  by  trapping  messages  in  its 
Probe  network  of  decoy  accounts  and  analyzing  them  —  sometimes 
manually  —  to  determine  if  they  are  legitimate  or  fraudulent.  In  the 
case  of  fake  e-mails  designed  to  look  like  messages  from  a  specific 
company  Symantec  updates  the  anti-spam  filters  used  by  its  30  million 
users  to  trap  those  messages  before  they  reach  in-boxes.  Symantec’s 
anti-spam  filters  are  used  by  large  corporations  and  ISPs. 

“If  a  customer  can’t  get  the  bait,  then  they  can’t  be  phished,”says  Kim 
Legelis,  director  of  Symantec  Industry  Solutions. 

As  part  of  the  service,  Symantec  also  alerts  the  company  being 
phished  to  the  attack  and  provides  information  to  help  track  down  the 
attacker, such  as  the  IP  address  that  the  fraudulent  e-mail  was  sent  from, 
Legelis  says.  Also  included  are  tools  that  help  subscribers  educate  and 
protect  customers  from  online  fraud, such  as  a  resource  center  that  lets 
users  assess  their  PC’s  vulnerability  and  download  security  software 
from  Symantec. 

According  to  a  study  by  The  Radicati  Group  published  in  July,  the 
number  of  unique  phishing  attacks  worldwide  will  grow  1 15%,  from  an 
average  of  51  unique  attacks  per  month  to  1 10  per  month  by  2008.The 
analyst  firm  predicts  the  market  for  products  and  services  that  protect 
consumers  from  phishing  attacks  and  companies  from  online  fraud 
will  top  $202  million  this  year. 

The  cost  for  Symantec’s  Online  Fraud  Management  Solution  will 
depend  on  the  number  of  registered  customers  a  subscriber  has,  aver¬ 
aging  pennies  per  user,  per  year,  Legelis  says.  ■ 
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Vendors  unveil  new  security  lines  of  defense 


■  BY  ELLEN  MESSMER 

Security  vendor  McAfee  last  week 
unveiled  a  line  of  appliances  and  services 
for  combating  spam  and  viruses,  while 
start-up  iPolicy  Networks  introduced  a  line 
of  intrusion-prevention  systems  with  con¬ 
tent  filtering. 

McAfee’s  WebShield  3.0  line  of  appli¬ 
ances  scan  the  corporate  Internet  gateway 
for  inbound  and  outbound  viruses  and 
spam.  The  latest  models  of  the  WebShield 
e250,e500  and  elOOO  appliances, which  fil¬ 
ter  between  35,000  and  70,000  messages 
per  hour,  will  be  able  to  scan  for  inappro¬ 
priate  email  content  based  on  factors  that 
include  keywords,  file  size  and  type. 

In  addition,  McAfee’s  managed  services 
division,  which  has  for  several  years  made 
available  a  managed  anti-virus  scanning 
service  under  the  ASAP  brand,  now  is 
adding  anti-spam  filtering. 

The  McAfee  anti-spam  service,  similar  to 
Symantec’s  Brightmail,  works  by  having 
subscriber  companies  redirect  mailbox 
traffic  to  the  McAfee  data  center  to  be  fil¬ 
tered,  according  to  Lillian  Wai,  McAfee 
managed  services  product  marketing  man- 
ager.The  McAfee  ASAP  service,  which  costs 
about  $2.50  per  user,  per  month,  lets  end 
users  and  IT  administrators  set  up  cus¬ 
tomized  filtering  rules,  including  whitelists 
and  blacklists. 

Companies  that  want  to  purchase  McAfee 
equipment  rather  than  outsourcing  ser¬ 
vices  will  find  the  WebShield  3.0  appliances 
for  content  filtering  range  from  $2,500  to 
$15,000,  according  to  John  Bedrick,  group 
product  marketing  manager. 

Meanwhile, start-up  iPolicy  Networks  has 
teamed  with  McAfee  to  offer  McAfee  anti¬ 
virus  software  as  part  of  a  new  line  of 
VPN/firewall-based  IPS.  The  iPolicy  Net¬ 
works  IPS  appliances  block  worms  and 
denial-of-service  attacks,  and  provide  anti¬ 
virus  and  Web-based  content  and  spam 
filtering. 

The  iPolicy  2000,  3000  and  4000  series 
appliances  can  be  used  as  gateway  and 
internal  firewall-based  IPSs  for  small  and 
midsize  businesses,  says  Prabhu  Goel, 
iPolicy’s  chairman  and  CEO. 

Goel  says  the  company’s  first  product, 
the  iPolicy  4800,  introduced  in  the  spring, 
runs  at  2G  bit/sec, supports  500,000  simul- 
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taneous  connections  and  is  used  primar¬ 
ily  by  ISPs. 

The  latest  iPolicy  firewall-based  IPS  is 
intended  to  compete  against  products 


from  FortiNet,  TippingPoint  Technologies, 
Internet  Security  Systems,  Cisco  and 
Check  Point. 

Meeting  Professionals  International,  a 


trade  group  in  Dallas,  says  it  intends  to 
deploy  the  firewall-based  IPS.’Tt  can  give  us 
protection  from  worms  and  hackers,”  says 
A1  Noland,  director  of  IT.  88 
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■  LAN/WAN  SWITCHES  AND  ROUTERS 
B  ACCESS  DEVICES  m  SERVERS  ®  VPNS 
B  OPERATING  SYSTEMS  B  NETWORKED  STORAGE 
B  VOIP  B  WIRELESS  NETWORKS 


ForcelO  raises  the  10G  bar,  again 

New  line  cards  and  management  modules  double  Gig  and  10G  port  counts,  total  capacity. 


■  BY  PHIL  HOCHMUTH 

ForcelO  Networks  this  week  is  expected  to  refresh  its 
10G  switch  product  line,  doubling  the  switching  capacity 
and  port  densities  on  all  its  chassis. 

The  new  products  are  aimed  at  businesses  or  research 
centers  that  run  high-end  data  center  networks  with  hun¬ 
dreds  of  servers  attached  via  Gigabit  or  10G  Ethernet. The 
upgraded  management  modules  and  line  cards  for 
Force  10’s  switches  will  pack  up  to  672G  or  56  10G 
Ethernet  ports  into  a  chassis  that  supports  over  a  terabit 
and  a  half  of  total  capacity,  the  vendor  says. 

The  upgrades  include  new  management  and  port  mod¬ 
ules  for  ForcelO’s  E1200  switch  chassis, which  has  12  slots 
for  port  modules  and  two  slots  for  redundant  manage¬ 
ment  modules.The  six-slot  E600  and  three-port  E300  chas¬ 
sis  also  are  being  upgraded. 

Compared  with  its  first-generation  E-series  predecessor, 
each  respective  device  now  supports  double  the  back¬ 
plane  speed  (or  total  Gigabit  per  second  of  bandwidth 


each  device  can  move  —  see  graphic,  page  20). 

The  San  Diego  Supercomputing  Center  (SDSC)  can  use 
that  much  bandwidth.  The  center  is  part  of  the  Teragrid 
project  —  a  supercomputing  project  that  links  research 
data  centers  across  the  country  into  one  grid-computing 
infrastructure. 

Clusters  in  the  Teragrid  hosted  at  SDSC  consist  of  hun¬ 
dreds  of  servers  connected  via  Gigabit  Ethernet  to  a  sin¬ 
gle  E1200,  with  up  to  26  10G  Ethernet  ports  linking  the 
switch  to  other  switches  or  to  10G  servers  also  in  the  grid. 

SDSC  uses  10G  switches  from  Cisco,  Foundry  and 
ForcelO.  Boxes  from  Cisco  and  Foundry  Networks  had 
caught  up  to  ForcelO’s  over  the  last  year,  says  Nathaniel 
Mendoza,  a  network  technician  at  SDSC.  He  says  the  new 
ForcelO  line  cards  again  put  the  start-up  ahead  of  the 
more  established  players. 

“We’ll  be  adding  a  ton  of  capacity,  so  having  a  lot  of 
ports  that  are  line-rate  is  kej(  Mendoza  says.  He  says  the 
center  plans  to  consolidate  some  clusters  from  multiple 
switches  onto  a  single  E1200  with  over  600  nodes.  “You 


can’t  do  that  with  any  other  switches  I’ve  seen.” 

Besides  the  high  port  counts  and  backplanes,  Force  10  is 
touting  what  it  calls  line-rate, or  non-blocking, capabilities 
on  the  new  blades.  The  vendor  says  every  port  on  an 
E-series  switch  can  be  turned  on  at  full-duplex  speed 
without  overloading  the  switch  or  dropping  packets.  This 
was  the  case  in  Network  World  tests  last  year  on  ForcelO’s 
fist-generation  E1200  switch. 

“The  E1200  moved  traffic  at  line  rate  with  short, medium 
and  long  frames,”  wrote  David  Newman,  president  of 
Network  Test  and  a  member  of  the  Network  World  Global 
Test  Alliance.“In  all  our  baseline  tests,  the  E1200  did  not 
drop  a  single  frame.” 

ForcelO  says  its  new  E1200  line  cards  can  forward  up  to 
1  billion  packets  per  second  in  internal  tests.This  would 
double  the  performance  of  competing  Ethernet  switches 
such  as  Extreme’s  BlackDiamond  10K  and  Foundry’s 
MG8.  This  speed  also  would  top  core  Internet  router 
speeds,  such  as  Cisco’s  CSR-1  Internet  router,  which  can 

See  ForcelO,  page  20 


XOsoft  can  recover  failed 


■  NEC  last  week  introduced  a 
fault-tolerant  server.  The 

Express  5800/340-Hb-R  uses  two  or 
four  Xeon  processors  operating 
together  to  ensure  the  availability  of 
applications.  It  has  integrated 
100/1000G  bit/sec  Ethernet  adapters 
and  can  be  connected  to  external 
and  internal  storage.  The  server, 
which  runs  Windows  Enterprise 
Server  2003  and  Microsoft  Virtual 
Server  2003,  is  designed  for  data 
center  operation  and  consolidation. 
The  server  costs  $150,000. 

■  3Com  recently  announced  its 
Baseline  Switch  2816-SFP  Plus,  a 
16-port  10/100/1000M  bit/sec  switch 
that  includes  four  small  form- 
factor  pluggable  ports  for  Gigabit 
fiber  uplinks.  The  Layer  2  unman¬ 
aged  switch  is  aimed  at  small 
businesses  or  others  that  require 
lots  of  bandwidth  but  without 
advanced  management  and  switch¬ 
ing  intelligence  features.  The 
switch  costs  $900.  Single-mode  and 
multi-mode  fiber  SFP  ports  are 
available  separately. 


■  BY  DENI  CONNOR 

Storage  software  vendor  XOsoft  rolled 
out  data  protection  software  last  week  that 
the  company  says  lets  users  instantly  recov¬ 
er  from  application  failures. 

Enterprise  Rewinder  is  designed  for 
data  centers  that  need  to  ensure  avail¬ 
ability.  With  Rewinder,  if  an  application 
server  fails,  systems  administrators  can 
return  them  to  a  consistent  state,  the  com¬ 
pany  says. 

The  data  protection  software  consists  of 
agents  that  reside  on  application  and  file 
servers  and  a  management  interface  that 
lets  administrators  monitor  processes  run¬ 
ning  on  those  servers  and  manage  the  data 
recovery  if  necessary. 

The  product  would  be  used,  for  instance, 
if  corruption  occurred  during  mainte¬ 
nance  on  a  Microsoft  Exchange  database. 
With  traditional  back-up  or  replication 
technology,  the  entire  database  would 
need  to  be  restored.  With  Enterprise  Re¬ 
winder,  only  the  files  that  were  backed  up 
before  the  corruption  would  have  to  be 
recovered. 

Terrence  Chalk,  chairman  and  CEO  for 
managed  solutions  provider  Compulinx  in 
White  Plains,  N.Y.,  is  using  Enterprise 
Rewinder  to  manage  the  company’s  cus¬ 
tomer  data. 


XOsoft's  instant  recovery 


“Enterprise  Rewinder  has  a  very  easy-to- 
use  interface  that  lets  us  know  when  a 
server  has  gone  offline  and  recover  it 
quickly”  Chalk  says.“With  the  product  we 
can  protect  not  only  our  data,  but  that  of 
our  customers.”  Compulinx,  a  managed 
solutions  provider  for  small  and  midsize 
businesses,  has  250  servers  in  two  data 
centers  in  New  York. 

Enterprise  Rewinder  is  similar  to  software 
from  Revivio,  InMage, Troika  Networks  and 
Mendocino  Software.  While  Revivio, 
InMage  and  Troika  focus  on  data  recovery 
XOsoft  and  Mendocino  specialize  in  appli¬ 
cation  recovery 

“Recovering  application  servers  rather 


app  servers 


than  being  a  back-up  technology  is  the 
real  differentiation,”  says  Stephanie  Bala- 
ouras,  a  senior  analyst  for  The  Yankee 
Group.The  Rewinder  technology  is  appli¬ 
cation-aware.  XOsoft  has  worked  hard  to 
add  consistency  technology  for  applica¬ 
tions  like  Oracle.” 

XOsoft  expects  that  Enterprise  Rewinder 
will  work  with  existing  back-up  software. 
It  currently  works  with  Veritas  Software 
Backup  Exec.  The  company  has  applica¬ 
tion-aware  clients  for  Microsoft  Exchange, 
Microsoft  SQL  Server  and  Oracle  that  let  it 
recover  those  applications  when  they  fail. 

A  version  of  Enterprise  Rewinder  with 
support  for  10  servers  starts  at  $25,000  B 


A  sampling  of  companies  in  the  continuous  data  protection  market. 


Company 

Product  name 

Software/hardware 
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Mendocino 

Software 

RealTime 

Software 

Application-aware 

protection 

Revivio 

Continuous  Protection 
System 

Software  and  hardware 

Application-  and  data- 
aware  protection 

InMage 

Code  name  Amethyst 

Software 

Data  continuity  software 

Troika 

Networks 

Accelera  800 
and  1600 

Software  and  hardware 

Data  protection  and 
management 
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Intel  sets  sights  on 
parallel  processing 


■  BY  TOM  KRAZIT 

Intel  and  the  PC  industry  are  about  to  go 
through  a  major  change  in  the  way  client 
computers  are  designed,  built  and  market¬ 
ed,  said  Intel  President  and  COO  Paul 
Otellini  during  his  introductory  speech  at 
the  Intel  Developer  Forum  in  San  Francisco 
last  week. 

Otellini  officially  pronounced  the  mega¬ 
hertz  era  dead.  Intel  has  shifted  gradually 
over  the  past  two  years  from  its  former  mar¬ 
keting  strategy  based  on  ever-increasing 
clock  speeds  to  a  plan  that  improves  per¬ 
formance  with  new  features  and  technolo¬ 
gies.  The  company  will  focus  on  parallel 
processing  with  future  products,  Otellini 
said.This  will  include  multicore  processors, 
virtualization  technology  and  a  continua¬ 
tion  of  Intel’s  hyperthreading  technology 

Analysts  had  hoped  that  Intel  would  pro¬ 
vide  more  details  about  plans  to  introduce 
dual-core  processors  next  year,  which  it 
announced  in  May  Otellini  did  not  take  the 
bait,  declining  to  even  provide  the  code 
names  of  the  upcoming  processors.  He  did 
reiterate  that  the  company  would  intro¬ 
duce  dual-core  chips  for  desktops,  servers 
and  notebooks  in  2005,  with  most  of  the 
growth  coming  in  2006. 

However,  in  a  briefing  with  reporters  after 
his  speech,  Otellini  confirmed  that  Yonah 
will  be  the  code  name  for  Intel’s  first  dual¬ 


core  notebook  chip.  He  also  indicated  that 
more  details  about  the  dual-core  server 
chip  will  be  disclosed  this  week  but  that 
Intel  does  not  plan  to  talk  about  the  dual¬ 
core  desktop  chip  at  this  show. 

As  promised,  Intel  demonstrated  a  dual¬ 
core  processor.  An  Itanium  2  server  from 
Silicon  Graphics  was  shown  running  a 
weather  modeling  application  on  Monte- 
cito,  Intel’s  previously  disclosed  dual-core 
Itanium  2  processor.  Montecito  is  due  out 
in  2005. 

The  move  to  dual-core  processors  will 
proceed  much  faster  for  notebook  and 
server  processors,  Otellini  said.  More  than 
75%  of  Intel’s  2006  shipments  in  those  cate¬ 
gories  will  be  dual-core  chips, with  just  less 
than  half  of  all  desktop  chips  in  that  time 
frame  containing  two  cores. 

The  company  also  needs  to  address  what 
will  happen  to  the  per-processor  software¬ 
licensing  model  that  is  the  standard  for  most 
application  vendors,  said  Gordon  Haff,  an 
analyst  at  Illuminata.  It’s  unclear  what  will 
happen  to  that  model  as  chipmakers  intro¬ 
duce  products  with  multiple  cores  and  vir¬ 
tualization  technologies,  he  said. 

In  the  meantime,  Intel  will  continue  to 
bring  new  features  to  its  chips.  It  has  intro¬ 
duced  hyperthreading  and  64-bit  exten¬ 
sions,  and  plans  to  bring  virtualization  and 
security  features  to  its  chips.  Otellini 

See  Intel,  page  21 


ForcelO 

continued  from  page  19 

handle  960  million  packets  per  second, 
and  double  the  capacity  of  Juniper’sT640. 

ForcelO  says  its  use  of  small  form  factor 
Gigabit  Ethernet  ports  and  10G  Small  Form 
Factor  Pluggable  optics  let  more  ports  be 
crammed  onto  its  line  cards.  The  vendor 
says  these  blades  also  offer  protection 
against  network  failures  and  or  attacks  on 
switch  hardware,  Layer  2  packet  forward¬ 
ing,  Layer  3  switching  and  network  man¬ 
agement,  which  are  all  done  on  separate, 
redundant  processors  on  each  module. 
The  new  chassis  modules  include: 

•  Route  Processor  Module  (all  chassis): 
$30,000. 

•  A  four-port  10G  module  (E1200  and 
E600):  $48,000. 

•  A  48-port  fiber-based  Gigabit  Ethernet 
module  (El 200  and  E600):  $47,500. 

•  A  48-port,  copper-based  10/1 00/ 1 000M 
bit/sec  module  (El 200  and  E600): 


www.nwfusion.com 


$37,500. 

•  A  dual-port  10G  module  (E300): 
$27,500. 

•  A  24-port  Gigabit  Ethernet  module 
(E300):  $30,000. 

All  products  are  shipping  now.  ■ 


More  online! 

Tech  Tour  Audiocast:  Masterminding  the 
New  Data  Center 

Johna  Till  Johnson,  Network  World  columnist  and 
founder  of  Nemertes  Research,  offers  practical  advice 
for  structuring  what's  been  called  "The  New  Data 
Center." 

DocFinder:  1948 


Tour  de  force 


Upgrades  to  ForcelO’s  entire  E-series  switch 
line  are  targeted  at  high-end  enterprise  data 
centers. 


Slots 

Total 

capacity 

Gigabit 

ports 

10G 

ports 

El  200 

12 

1.68T  bit/sec 

672 

56 

E600 

6 

900G  bit/sec 

336 

28 

E300 

3 

400G  bit/sec 

126 

12  1 

Note:  All  ports  are  non-blocking,  according  to  ForcelO. 


E300 


I 


www.nwfusion.com 

infrastructure 

9/13/04 

NetworkWorld 

21 

MM  I  know  that  I  won’t  win  any 
m  I  IK  awards  for  the  mixed  meta- 
ll|  phor  that  headlines  this  col¬ 
umn.  But,  as  I  flipped  through  a  recent 
issue  of  The  Wall  Street  Journal  and  saw, 
first,  a  piece  about  Microsoft’s  woes  with 
Internet  Explorer  and  then  a  piece  about 
the  delay  of  WinFS  beyond  2006,  that  is 
what  came  to  mind. 

The  story  behind  the  story  in  both  cases, 
is  that  Microsoft  is  becoming  a  victim  of  its 
own  success. 

The  victory  over  Netscape  in  the  browser 
wars  left  Microsoft  with  virtually  all  of  the 
browser  market.  It  thus  became  the  sitting 
duck  —  target  of  choice  for  hackers  world¬ 
wide.  And  despite  Microsoft’s  best  efforts.it 
remains  the  leading  conduit  for  mischief 
and  mayhem  on  the  computers  of 
Microsoft  users  worldwide. 

Now  many  security  experts  —  with  no 
malice  toward  Microsoft  —  recommend 
switching  to  another  browser  just  to,  in 
effect, “move  into  a  better  neighborhood.” 
And  waiting  in  the  wings  (to  twist  the  duck 
metaphor  even  more)  is  a  re-energized, 
open  source  alternative  —  Mozilla  Firefox 
(www.nwfusion.com,  DocFinder:  3734). 

The  Mozilla  people  know  that  Job  No.  1  is 
stealing  market  share  from  Internet  Ex¬ 
plorer.  Taking  a  page  out  of  the  Microsoft 


Microsoft:  Sitting  duck  -  with  baggage 


playbook,  they’ve  helpfully  provided  easy 
import  of  Internet  Explorer  bookmarks, 
cookies,  etc. 

The  browser  is  to  today’s  applications  as 
the  3270  terminal  was  to  Enterprise  appli¬ 
cations  of  old.  In  fact, given  the  intelligence 
built  directly  into  the  browser,  it  is  an  even 
more  important  element  than  its  older 
counterpart. 

Unlike  the  complex  change  from  Micro¬ 
soft  Office  to,  say  Open  Office,  switching 
browsers  is  a  relative  snap.  There  are  no 
back-end  file  issues  to  worry  about,  and 
most  Web  sites  either  rely  on  a  common 
subset  of  capabilities  or  employ  scripts  to 
recognize  the  browser  type  and  thereby 
adjust  for  its  idiosyncrasies. 

There  is  a  lot  at  stake  here  for  Microsoft. 
Losing  control  of  the  ultimate  portal  soft¬ 
ware  will  undermine  the  company’s  ability 
to  promote  both  front-end  and  back-end 
“Microsoft-preferred”  technologies. 

For  starters,  Firefox  has  a  Google  search 
bar  built  in.  Given  Microsoft’s  stated 
intention  to  compete  in  this  arena,  this  is 
bad  news. 

Worse,  Microsoft  would  lose  the  ability  to 
control  “extensions”  to  the  browser.  By 
keeping  tight  reins  on  the  various  APIs  of  its 
products,  Microsoft  (unlike  IBM  in  the 
glory  days  of  the  mainframe)  has  been 
able  to  direct  (or  limit)  the  activities  of 
third-party  developers.  That  has  given  the 
company  enormous  power. 

Even  though  it  has  not  yet  reached 
Release  1 .0,  Firefox  boasts  some  145  exten¬ 
sions.  These  do  everything  from  control 
what  happens  to  ads  to  let  one  view  a 


page  written  using  Internet  Explorer-only 
attributes. 

On  the  trailing  edge,  Microsoft  continues 
to  wrestle  with  the  baggage  of  its  ancient 
file  system.  WinFS,  originally  promised  to 
arrive  with  Longhorn  in  2006,  will  arrive  at 
some,  more  distant,  unannounced  future 
date. 

Some  time  ago  Microsoft  apparently  real¬ 
ized  that  NTFS  (an  extension  of  the  origi¬ 
nal  8.3  “FAT”  file  structure  of  the  original 
MS-DOS)  had  reached  the  limits  of  what 
could  be  done  with  it. 

WinFS,  which  uses  a  database  as  its 
underlying  structural  element, would  get  us 
into  the  20th  century  (if  not  the  21st)  as  far 
as  file  systems  are  concerned. 


Intel 

continued  from  page  20 

demonstrated  a  digital  office  PC  that  could 
run  different  applications  and  operating 
systems  on  a  single  chip  with  Vanderpool, 
Intel’s  virtualization  technology 
Vanderpool  and  LaGrande,  Intel’s  code- 
name  for  a  digital-rights  management  tech¬ 
nology  will  not  ship  in  Intel  products  until 
Microsoft  releases  Longhorn,  Otellini  said. 
Longhorn,  the  next  generation  of  the 
Windows  operating  system,  is  expected  to 
be  released  in  2006. 

Otellini  also  discussed  the  Wi-Max  broad¬ 
band  wireless  technology,  a  development 
that  Intel  believes  could  help  bring  broad¬ 
band  Internet  to  areas  that  are  not  served 
by  fixed  broadband  lines.  Wi-Max  could 


But  a  massive  task  it  is.  I  wonder  if  Bill 
Gates  ever  reflects  on  the  fact  that  he  now 
has  to  deal  with  issues  that  IBM  had  to  deal 
with  25  years  ago.  Perhaps  Microsoft  should 
study  how  IBM  migrated  the  mainframe 
from  keyed  VSAM  files  to  relational  data¬ 
bases  in  the  1980s. 

I  was  an  IT  manager  during  that  time, and 
1  can  tell  you  that  it  wasn’t  a  pretty  sight. 
Moving  a  massive,  installed  user  base  of 
applications  truly  is  a  daunting  task.  But 
such  are  the  perils  of  success. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  testing 
company  in  Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@toIly.com. 


have  the  same  effect  on  broadband 
deployment  that  cellular  phones  have  had 
on  the  deployment  of  fixed-line  phones, 
he  said. 

The  company  announced  that  samples 
of  its  first  Wi-Max  chip  are  shipping  to  net¬ 
working  companies.  Over  the  next  year, 
Intel’s  Rosedale  chip  will  appear  in  Wi-Max 
products  that  can  deliver  broadband  wire¬ 
less  signals  over  a  30-mile  range. 

Krazit  is  a  correspondent  with  the  IDG 
News  Service. 


Servers 

Subscribe  to  our  free  newsletter. 
DocFinder:  5434  www.nwfusion.com 


www.iss.net 


When  business  losses  are  measured  in  seconds, 
preemption  beats  “reaction  ”  every  time. 


The  only  effective  security  is  preemption.  This  preemptive  power  is  only  available  with  the  Proventia™  Security  Platform  from  Internet 
Security  Systems.  When  security  flaws  are  discovered  in  your  network  and  IT  assets,  Internet  Security  Systems'  world-renowned  research 
team  updates  Proventia  to  immediately  shield  you  before  attacks  are  released.  Proventia  keeps  you  off  the  path  to  disaster  by  preemp¬ 
tively  securing  your  entire  IT  infrastructure  with  a  unified  family  of  intrusion  prevention  and  vulnerability  management  products.  In  fact, 
when  we  manage  Proventia  for  you,  we'll  even  guarantee  protection.  Need  proof?  Get  your  free  whitepaper,  Preemptive  Protection: 
Setting  a  New  Standard  in  Security,  at  www.iss.net/proof/wp  or  call  800-776-2362. 
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Xerox  WorkCentre®  Pro  advanced  multifunction 
They’re  even  smart  enough  to  give  your  productivity 


The  advanced  thinking  built  into  the  Xerox  WorkCentre®  Pro 
family  makes  them  the  smartest  multifunction  citizens 
working  on  any  network.  They  don’t  just  scan,  copy,  fax,  and 


e-mail,  they  do  it  at  network  printing  speeds  up  to  3x  faster 
than  competition.  They  RIP  one  job  while  printing  another, 
so  work  gets  done  faster.  And  their  Enhanced  Service 


Learn  more:  xerox.com/office/244  For  a  sales  rep:  1-800-ASK-XEROX  ext.  244 
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systems  not  only  print  up  to  3x  faster  than  competition, 
a  colorful  new  twist.  There’s  a  new  way  to  look  at  it. 


Program  (ESP)  lets  you  fix  problems  before  they 
happen,  increasing  reliability.  And  now,  there’s 
color.  The  Xerox  WorkCentre®  Pro  40  prints  b&w 


at  40  ppm;  color  at  22  ppm.  It’s  one  more  way  our 
full  line  of  multifunction  systems,  printers,  and 
digital  copiers  help  you  get  more  out  of  your  network. 
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lata  compression. 

As  data  compression  evolves,  savings  grow 


■  BY  TIM  GREENE 

Data  compression  devices  have  been  around  for 
years,  but  in  their  latest  incarnations  they  use 
more  than  just  compression  technology  to  pack 
extra  data  onto  fixed-size  WAN  links  as  a  way  to  boost 
performance  and  save  money 
For  example,  International  stock  trading  firm 
Forex.com  uses  a  new  device  from  Internap  called 
FlowControl  Xcellerator  (FCX)  to  improve  performance 
on  the  Internet  link  used  to  back  up  data  from  its  Hong 
Kong  office  to  the  company’s  New  York  data  center. 

The  New  York  site  is  connected  to  the  Internet  by  a 
400M  bit/sec  line,  and  the  one  in  Hong  Kong  is  connected 
by  a  2M  bit/sec  line.  But  because  of  Internet  latency 
between  the  two  locations,  says  Brandon  Palmer, 
Forex.com’s  IT  director, “the  throughput  was  40K  bit/sec 
at  best.  It  took  16  hours  to  do  backup.” 

With  an  FCX  device  at  each  site,  performance  is  boost¬ 
ed  to  320K  bit/sec,  he  says,  reducing  back-up  time  to 
about  two  hours.  While  FCX  boxes  tinker  with  TCP  to 
improve  performance  and  don’t  use  traditional  com¬ 
pression,  Palmer  says  he  thinks  about  its  function  as 
compression  anyway  By  analyzing  WAN  performance, 
FCX  boxes  decide  whether  they  can  improve  through¬ 
put  by  overriding  TCP  before  it  can  throttle  traffic  or  by 
restoring  traffic  to  full  speed  faster  than  TCP  would.  If 
FCX  algorithms  produce  faster  response  times  for  appli¬ 
cations  than  TCPthen  the  devices  step  in. 

“What  I  see  appears  the  same  as  compression” he 
says.  With  the  price  of  a  pair  of  boxes  for  $20,000,  the 
payback  is  about  two  years,”  he  says. 

internap,  while  one  of  the  most  recent  vendors  of  WAN 
optimizing  gear,  is  far  from  the  only  one.  Competitors 
include  Expand  Networks,  FatPipe,  NetScaler,  Netli, 
Packeteer,  Peribit,  Riverbed  and  Swan  Labs.  Router  ven¬ 
dors,  many  of  which  offer  compression  as  a  feature,  can 
be  added  to  the  list. 

All  these  vendors  deploy  their  appliances  in  pairs  at 
both  ends  of  WAN  connections.  There  they  perform  a 
variety  of  functions  to  squeeze  more  out  of  fixed  links. 

Approaching  the  problem 

Many  vendors  come  at  the  problem  from  different 
angles.  Some, such  as  Expand, started  out  selling  tradition¬ 
al  compression  —  replacing  patterns  with  smaller  pat¬ 
terns  so  less  traffic  crosses  the  link.  Others,  like  Orbital 
Data,  use  the  fact  that  TCP  throttles  back  traffic  when 
faced  with  delay  then  builds  it  back  up  to  speed  very 
slowly  —  more  slowly  than  network  conditions  might 
warrant  —  when  the  perceived  congestion  clears.  Others, 
such  as  Riverbed,  look  at  applications  and  spoof  pre¬ 
dictable  back  and  forth  locally  in  the  appliance  rather 
than  have  the  full  conversation  cross  the  WAN.  Others 
shape  traffic  to  give  higher  priority  to  key  applications 
that  are  optimum  WAN  speeds. 

And  still  others  use  more  than  one  technique  and  claim 
effective  throughput  improvements  of  90%  or  more 
depending  on  the  type  of  data. 

Peter  Firstbrook, senior  research  analyst  with  Meta 
Group, says  by  making  efficient  use  of  expensive  interna¬ 
tional  lines,  these  devices  provide  near-immediate  pay¬ 


back  that  attracts  far-flung  corporations  as  customers. 

The  promise  of  cost  savings  is  prodding  service 
providers  such  as  TeleManagement  Systems  and  Midwest 
Data  Center  to  offer  compression  services  based  on  these 
devices.These  providers  say  they  can  save  customers 
enough  to  make  buying  a  managed  service  worthwhile 
and  still  leave  a  profit  margin  for  the  provider.  For  exam¬ 
ple,  Midwest  Data  Center,  a  storage  and  hosting  provider 
in  Rock  Port,  Mo., says  it  charges  $500  per  month  for  com¬ 
pression  using  gear  from  Swan,  which  bases  its  appli¬ 
ances  on  technology  it  bought  from  ITWorx.“It  provides 
600%  compression,” says  Rob  Lee,  Midwest’s  CTO.  One  cus¬ 
tomer  would  have  faced  buying  50M  bit/sec  more  band¬ 
width  for  backing  up  its  network  to  Midwest,  he  says,  so 
the  service  saves  it  more  than  $13,000  per  month. 


Swan  Labs  focuses  on  optimizing  higher  protocol  lay¬ 
ers  than  compression,  taking  into  account  the  features 
of  session  flows  and  application  features,  the  company 
says.  Other  vendors,  such  as  Expand,  rely  more  on  com¬ 
pression  but  mixed  with  other  techniques  to  speed  the 
performance  of  applications. 

It  sells  software  modules  that  boost  the  responsiveness 
of  particular  types  of  traffic  —  HTTP  FTRTCP  —  by 
caching  repetitive  traffic  locally.  So  rather  than  wait  for  a 
lengthy  response  to  cross  the  wire,  the  local  Expand 
Accelerator  appliance  generates  it. 

For  MinWest.a  bank  chain  in  Minneapolis,  the 
Accelerators  mean  better  performance  out  of  the  56K 
bit/sec  lines  connected  to  branch  offices  —  the  fastest 
lines  the  bank  can  afford  because  of  the  web  of  small 
local  phone  companies  that  supply  data  services,  says 
Scott  Olafson,  network  administrator  for  the  bank’s  data 
center  in  Monetvideo.Minn. 

“In  data  mining,  where  it  uses  a  lot  of  caching,  we  get 
almost  T-l  [1.5M  bit/sec]  performance,” Olafson  says. 
After  several  screens,  the  devices  recognize  the  template 
for  the  screens  as  repetitive  and  store  it  locally  They  pass 
along  the  wire  only  new  data  to  populate  the  next 
screen,  Olafson  says. 

Performance  of  other  types  of  traffic  such  as  FTP  im¬ 
proves  very  little.“We’re  still  stuck  with  a  56K  line,”  he  says. 


But  the  alternative,  replacing  the  56K  line  with  aT-I  would 
mean  a  jump  from  $86  per  month  to  more  than  $1,000 
per  month,  per  line.“It’s  just  not  cost-effective,”  he  says. 

Application  boost 

Other  vendors  try  to  optimize  bandwidth  use  among 
applications,  such  as  Packeteer,  which  approached  this 
area  from  the  traffic-shaping  angle,  and  then  broadened 
into  compression.  One  of  the  company’s  customers, 
Universal  Health  Services  in  King  of  Prussia,  Pa., says  it 
initially  wanted  Packeteer  boxes  to  determine  what  traf¬ 
fic  mix  was  moving  across  its  network.  Only  then,  says 
Linda  Reino.the  health  provider’s  CIO,  could  Universal 
figure  out  how  to  speed  up  its  existing  T-l  frame  relay 
network.“We  wanted  better  control  of  what  was  going 


over  our  given  bandwidth,”  Reino  says. 

Similarly  Peribit  customer  Per-Se,  a  medical  billing  firm 
in  Atlanta,  wanted  to  rate-limit  some  applications  and 
impose  QoS  on  traffic,  says  Dan  Wood,  director  of  net¬ 
working  and  telecom  for  the  company  “We  were  looking 
for  something  that  would  give  us  a  network-level  look 
and  would  do  something  about  it,”  he  says. 

In  monitor  mode,  the  boxes  discovered  Per-Se’s  billing 
application  could  be  70%  compressed,  with  traffic  over¬ 
all  averaging  58%  compression,  he  says.  With  Peribit 
Sequence  Reducer  appliances  in  place,  the  company 
saved  enough  in  10  months  to  pay  off  the  price  of  54 
units.The  performance  on  a  T-l  link  from  Atlanta  to 
Greenville, Texas,  was  so  improved  by  the  devices  that 
the  line  was  downgraded  to  a  512K  bit/sec  circuit, sav¬ 
ing  $1,200  per  month, Wood  says. 

Because  different  vendors  use  different  algorithms  and 
technologies,  determining  the  impact  of  any  given  ven¬ 
dors’  gear  is  key,  Firstbrook  says. 

The  mix  of  traffic  on  each  customer’s  network  is 
unique  — “it’s  like  a  fingerprint,”  he  says. So  the  type  of 
compression  gear  that  will  work  best  is  unpredictable. 
He  recommends  something  that  not  many  customers 
have  done:  try  out  boxes  that  use  different  technologies 
to  find  out  which  one  makes  the  most  significant 
improvements  for  a  particular  network.  ■ 


Better  use  of  bandwidth 


Compression  technologies  try  to  address  many  different  performance  problems  that  can  arise 
on  the  network. 


Chatty  applications  send 
lots  of  predictable,  back- 
and-forth  traffic  that  can 
be  anticipated  and  spoofed 
without  crossing  the  WAN. 
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The  WAN  connection  can  introduce 
latency  that  can  causeTCP  to 
throttle  back  send  rates  unneces¬ 
sarily  and  build  them  back  up  too 
slowly  when  latency  improves. 


Files  might  be  so  massive  that 
reducing  their  volume  by  replacing 
repetitive  patterns  with  shorter 
notation  —  compression  —  can 
dramatically  reduce  transfertimes. 


THE  IDEAL  I.T.  INFRASTRUCTURE: 
QUICKLY  ADAPTABLE, 
SUPREMELY  FLEXIBLE, 

NOW  ACHIEVABLE. 


Feeling  a  bit  skeptical  these  days?  It’s  perfectly  understandable. 


After  all,  integrating  those  “best  of  breed”  applications  into  your  IT  infrastructure 
turned  out  to  be  not  nearly  as  fast  or  foolproof  as  advertised.  And  capturing  their,, 
full  value,  as  well  as  the  full  value  of  your  entire  infrastructure, 
probably  still  seems  like  a  distant  goal. 

Given  the  circumstances,  you  did  everything 
you  could.  After  all,  you  were  handed  the  technological 
equivalent  of  a  drawerful  of  mismatched  socks  — 
very  expensive  socks. 

But  now  you  can  do  more  —  actually, 
quite  a  lot  more.  Read  on  and  find  out  how. 

THE  ACCELERATION  OF  EVOLUTION 

Remember  when  it  was  okay  for  businesses; 
to  evolve  slowly? 

Of  course  you  don’t.  Success  has  always 
been  about  speed:  the  speed  of  innovation,  the 
speed  of  implementation.  And  it  all  just  keeps 
getting  faster. 

Today,  markets,  customers  and  competi¬ 
tors  change  seemingly  overnight.  And  so  must 
your  business  processes  and  strategies. 

Unfortunately,  this  rapid  pace  ol  change 
has  exposed  a  fundamental  weakness  at  many 
businesses:  an  IT  infrastructure  that  can’t  evolve 
quickly  enough  to  take  advantage  ol  opportunities' 
or  respond  to  challenges. 

There  are  two  reasons  for  the  bottleneck. 
The  first  is  complexity.  By  the  time  a  new 
business  process  or  strategy  can  be  designed, 
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To  help  illustrate  just  how  much  money, 
we’re  introducing  a  new,  more  complete  way 
of  identifying  costs.  It’s  called  The  Complete 
TCO  Equation. 

COMPLETE  TCO  = 

the  cost  of  all  your  technologies, 
+  the  cost  of  all  your  applications 
+  the  cost  of  integrating  all  your 


built,  implemented  and  executed  technologically, 
the  window  of  opportunity  has  usually  closed. 

The  second  is  monetary.  Currently,  80% 
of  the  average  IT  budget  is  earmarked  for  operation 
and  consolidation.  Very  little  is  left  for  innovation. 
(Source:  SoundView  Technology  Group,  2003.) 

Can  your  business  afford  to  concede  opportu¬ 
nities  to  more  agile  competitors?  Of  course  not. 

Your  task  is  clear:  to  enable  your  company  to 
compete  and  win,  you  have  to  reduce  the  complexity 
and  cost  of  your  IT  infrastructure,  and  reallocate 
more  of  your  resources  toward  innovation. 

Fortunately,  there’s  a  technology  platform 
that  will  enable  you  to  fulfill  that  task.  It’s  called 
SAP  Net  We  aver.™ 

But  before  we  take  a  closer  look  at  what 
makes  SAP  NetWeaver  so  useful,  let’s  explore  what 
contributes  to  a  high,  and  skewed,  overall  TCO. 

THE  COMPLETE  TCO  EQUATION 

The  typical  IT  infrastructure  is  a  jumble  of 
disparate  technologies  (including  portals,  business 
intelligence,  knowledge  management,  etc.)  and 
applications  (both  legacy  and  best  ot  breed). 

Whether  you’re  integrating  your  applications 
into  a  portal  or  a  business  intelligence  solution, 
or  connecting  your  apps  with  the  integration 
broker,  it’s  costing  you  time,  money,  and  un¬ 
necessary  aggravation. 


From  this  point  of  view,  it’s  no  surprise 
that  integration  has  been  likened  to  a  sinkhole, 
draining  money  from  innovation  and  preventing 
your  business  processes  and  strategies  from  evolving 
as  quickly  as  they  need  to. 

But  what  if  you  could  transform  integration 
into  a  far  simpler,  less  expensive,  less  paintul  process  - 
no  matter  whose  technology  or  applications  you’re 
integrating?  Now  you  can  —  with  SAP  NetWeaver. 

SAP  NETlAfEAVER: 

ELIMINATING  HURDLES,  ENABLING  IDEAS 

Imagine  being  able  to  quickly  and  efficiently 
align  IT  with  your  business’s  needs,  to  drive  new 
strategies  for  growth  while  minimizing  risk  and 
cost,  to  compose  new  business  processes  on  top 
of  existing  systems. 


,  including  their  integration  into  a  single  platform 

ls,  including  their  integration  into  an  end-to-end  process 

•  technologies  with  all  your  applications 


It’s  all  possible  with  SAP  NetWeaver. 

SAP  NetWeaver  is  an  open,  standards- 
based  integration  and  application  platform  that 
greatly  reduces  the  complexities  of  integration. 
Its  components  include  a  portal,  an  application 
server,  business  intelligence,  and  integration 
and  data  consolidation  technologies. 

With  SAP  NetWeaver,  you  capture  the 
full  value  of  the  technology  you  already  have  in 
place,  and  pave  the  way  for  future  technology  — 
SAP  or  non-SAP. 

The  result:  an  opportunity  to  achieve 
significantly  greater  flexibility  at  a  far  lower, 
sustainable  TCO. 

Bottlenecks  disappear.  Timetables  are 
met.  Business  goals  are  achieved.  Your  entire 


IT  architecture  is  elevated  from  an  enabler 
of  work  into  an  enabler  of  change. 

For  current  SAP  customers,  there’s 
even  more  of  an  advantage:  SAP  NetWeaver 
comes  pre-integrated  for  SAP®  solutions, 
which  greatly  reduces  the  costs  associated 
with  systems  integration. 

But  SAP  customer  or  not,  there’s  one 
thing  that  should  be  clear:  of  all  the  software 
providers  in  business  today,  SAP  is  uniquely 
positioned  to  deliver  integrated  technologies 
and  technologies  integrated  with  applications. 

If  that  concept  piques  your  interest,  we 
suggest  you  visit  sap.com/netweaver  where, 
we  hope,  your  curiosity  will  be  integrated 
with  our  solutions. 


WONDERING  WHAT  SAP  NETWEAVER 
CAN  DO  FOR  YOU? 

SEE  WHAT  IT  DID  FOR  THEM 
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The  success  of  Check  Point  Software 
Technologies  Ltd.,  the  world’s  leading  developer 
of  firewall  software,  was  founded  on  innovative 
Web  service  applications,  which  it  used  to  sup¬ 
port  a  global,  third-party  channel  that  delivered 
one  hundred  percent  of  the  company’s  sales. 

But  success  had  a  price:  its  central  IT 
department  was  spending  too  much  time  main¬ 
taining  the  large  number  of  applications.  What’s 
more,  their  IT  infrastructure  was  a  dizzying  mix 
of  different  application  servers,  development 
tools,  and  open  source  components. 

Using  SAP  NetWeaver  —  and,  more 
specifically,  SAP  Enterprise  Portal  and  SAP 
Web  Application  Server  —  Check  Point  was  able 
to  immediately  consolidate  its  Web  services 
infrastructure,  doubling  central  IT’s  applica¬ 
tion  development  productivity.  Within  a  year 
and  a  half,  Check  Point  saw  an  ROI  of  586% 
based  on  IT  productivity  increases  and  swifter 
rollouts.  The  consolidation  also  allowed  Check 
Point  to  reduce  the  number  of  servers  running 
their  Web  service  applications  from  11  to  3. 
Over  five  years,  Check  Point  expects  a  23% 
reduction  in  TCO. 

Carl  Zeiss,  a  leading  optical  component 
manufacturer  with  14,000  employees,  needed  to 
find  a  way  to  evolve  more  quickly.  Consolidation 
among  optical  chains  was  creating  new,  ever- 
larger  customers,  resulting  in  management 


scenarios  of  greater  complexity  and  delays  in 
order  processing. 

Using  SAP  NetWeaver,  Carl  Zeiss  was 
able  to  integrate  multiple  systems  around  the 
needs  of  their  customers,  developing  individual 
logistics  strategies  for  each  chain.  As  a  result, 
custom  orders  and  changes  are  now  accommo¬ 
dated  more  easily.  And  the  time  it  takes  to 
integrate  a  new  customer  into  the  system  has 
dramatically  decreased. 

Besides  gaining  more-satisfied  cus¬ 
tomers,  Carl  Zeiss  reduced  the  average  cost 
per  integration  interface  by  50%. 
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Sasol,  a  holding  company  for  nearly 
fifty  separate  chemical  and  fuel  businesses 
around  the  world,  had  consolidated  all  of 
its  core  operational  software  around  SAP. 
However,  it  still  faced  the  challenge  of  properly 
managing  a  widely  dispersed,  and  culturally 
diverse,  workforce. 

Using  SAP  NetWeaver,  Sasol  was  able 
to  create  an  enterprise-wide  information 
portal  for  collaboration  and  communications 
between  employees  of  different  divisions, 
greatly  increasing  the  company’s  ability  to 
meet  strategic  corporate  goals.  The  portal  also 
served  to  coordinate  business  processes  for  HR, 
production  planning,  and  production  work 
flow  across  Sasol’s  various  business  units. 

The  financial  results  were  impressive, 
with  an  ROI  over  five  years,  after  tax,  of  453%. 
But  even  more  importantly,  thanks  to  SAP 
NetWeaver,  Sasol  was  able  to  become  a  truly 
global  player. 


WANT  TO  KNOW  MORE? 
VISIT 
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‘Google-mania’  ignites  search  technology 


There’s  no  shortage  of  vendors  looking  to  ease  enterprise  information  retrieval. 


■  BY  ANN  BEDNARZ 

The  fervor  around  Googles  summertime 
PO  has  turned  search  technology  into  a 
not  commodity.  Vendors  with  tools  for 
searching  corporate  intranets  and  Web 
sites  are  trying  to  capitalize  on  the 
moment.  Microsoft,  too,  has  added  to  the 
search  mania  with  its  rumblings  about 
forthcoming  technology  for  searching 
desktop  resources. 

If  there’s  one  thing  all  the  par¬ 
ties  can  agree  on,  it’s  the  need 
to  make  it  easier  for  users  to 
ind  stuff. 

Half  the  time  information  retrieval  tech¬ 
nology  fails  to  find  what  users  are  looking 
or,  according  to  Delphi  Group.  Among  300 
respondents  to  a  recent  Delphi  survey  60% 
said  it’s  easier  to  find  work-related  informa¬ 
tion  today  than  it  was  two  years  ago.  But 
58%  said  it’s  still  a  difficult  and  time-con¬ 
suming  task.  On  average,  respondents 


spend  between  two  and  four  hours  each 
day  using  computers  to  search  for  work- 
related  information. 

Adding  to  the  complexity  is  the  state  of 
corporate  data.  Until  recently,  structured 
databases  controlled  much  of  the  informa¬ 
tion  flow, says  John  Rueter.vice  president  of 
marketing  at  search  technology  vendor 
Fast  Search  &  Transfer  (FAST).  But  today 
databases  only  account  for  20%  of  the  in¬ 
formation  in  an  organization, 
he  says.  The  other  80%  is  un¬ 
structured  —  including  text 
documents,  HTML  pages, e-mail 
and  instant  messages. 

Today’s  crop  of  enterprise  search  ven¬ 
dors  aims  to  address  all  these  disparate 
sources.  Some  of  the  myriad  players  spe¬ 
cializing  in  search  and  retrieval  include 
Autonomy  Convera,  Endeca,  FAST,  iPhrase, 
Mercado  and  Verity  Database  vendors 
such  as  IBM  and  Oracle,  along  with  busi¬ 
ness  application  vendors  such  as  SARalso 


offer  search  products. 

All  this  attention  signals  a  second  coming 
of  sorts  for  search  technology  There  was 
lots  of  noise  when  Excite,  Infoseek  and 
Lycos  first  started  peddling  tools  for  search¬ 
ing  and  navigating  Web  content.  But  this 
time  the  attention  is  on  organizing  and  re¬ 
trieving  information  scattered  among 
enterprise  network  sources. 

Enterprise  search  technology  has 
matured  in  the  past  few  years,  says  Carl 
Frappaolo,  executive  vice  president  at 
Delphi  Group.  Some  products  incorporate 
artificial  intelligence  and  natural  language 
processing,  so  users  can  express  queries  in 
everyday  language,  for  example.  Others 
can  automatically  generate  taxonomies  to 
organize  content. 

The  goal  is  efficiency“Whether  I’m  a  man¬ 
ager  or  a  customer  or  a  worker  bee,  I  can 
easily  and  definitively  determine  if  there’s 
anything  known  by  this  company  that’s  rel¬ 
evant  to  what  I  need  right  now.  That’s  what 


search  technology  is  really  all  about  — 
speed  to  awareness,”  Frappaolo  says. 

But  experts  agree  that  getting  there  is  no 
easy  feat.To  start,  companies  need  to  figure 
out  what  they  need. 

It  seems  obvious,  but  companies  need  to 
clearly  define  the  content  users  will  be 
going  after  and  determine  how  much  assis¬ 
tance  from  search  engines  is  required, 
Frappaolo  says.  Finding  data  is  not  too  dif¬ 
ficult  if  users  have  a  good  idea  of  what 
they’re  looking  for  —  such  as  querying  a 
structured  data  source  to  identify  all  clients 
who  spent  more  than  $50,000,  or  an  un¬ 
structured  source  to  find  all  the  emails 
containing  the  word  “corruption,"  he  says. 
Things  get  sticky  when  queries  involve  a 
range  of  values,  spelling  approximations 
and  synonyms  —  and  cross  multiple  repos¬ 
itories  and  data  types. 

In  the  past,  companies  tended  to 
deploy  search  applications  in  specific 
See  Google-mania,  page  26 
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■  Symantec  last  week  introduced 
Norton  AntiVirus  2005,  the  new 

version  of  its  anti-virus  software, 
adding  an  “outbreak  alert”  notification 
that  delivers  information  about  new 
virus  and  worms  on  the  Internet.  The 
Windows-based  software,  which 
costs  about  $30,  also  will  block  some 
worms  by  blocking  inbound  ports. 
Symantec  also  introduced  Norton 
AntiSpam  2005,  which  can  identify 
fraudulent  e-mail  addresses  and  filter 
out  sexually  explicit  spam.  AntiSpam 
2005  costs  about  $40. 

■  Cybernet  Systems  last  week  intro 
duced  NetMax  Professional  5.0, 

the  latest  version  of  its  Linux  soft¬ 
ware.  Version  5.0  features  a  Red  Hat- 
based  Linux  server  that  is  pre-config- 
ured  to  provide  Apple/PC/Unix  file 
sharing,  e-mail,  Web  page  serving,  and 
firewall  security.  NetMax  5.0  includes 
the  Apache  Web  server  and  is  pre- 
loaded  on  HP  and  Toshiba  servers. 
NetMax  5.0  costs  $231. 


Vintela  upgrades  policy  mgmt  package 


■  BY  JOHN  FONTANA 

Vintela,  which  develops  software  that  in¬ 
tegrates  Windows  and  Unix  environments, 
this  week  will  release  a  tool  that  provides 
customers  Windows-centric,  policy-based 
management  for  clients  and  servers  on 
either  platform. 

Vintela  Group  Policy  (VGP)  extends  the 
group  policy  features  of  Microsoft’s  Active 
Directory  to  Unix  and  Linux  desktops  and 
servers.  The  tool  helps  administrators  cre¬ 
ate  a  consistent  set  of  configuration  poli¬ 
cies  for  computers  and  manage  those  from 
a  central  console. 

Microsoft’s  group  policy  supports  the 
configuration  of  clients  and  servers  using 
Active  Directory  to  store  the  policies  for 
such  tasks  as  file  or  application  permis¬ 
sions,  logon/logoff  scripts  and  startup/shut¬ 
down  scripts.  Administrators  target  a  set  of 
desktops  or  servers,  and  the  policies  are 
pushed  out  to  automatically  configure  the 
target  system. 

VGP  broadens  Microsoft  infrastructure  to 
include  Unix  and  Linux.  VGP  works  with 
Vintela  Authentication  Services  (VAS), 
which  extends  Windows  authentication  to 
Unix  and  Linux. 


Windows  and  Linux 
on  the  rise 

Windows  and  Linux  together 
will  make  up 

53% 

of  server  sales  by  2008,  up 
from  37%  today,  according 
to  IDC. 


Vintela  also  is  shipping  its  new  VAS  2.6 
platform  this  week,  which  on  top  of  sup¬ 
port  for  VGP  includes  a  new  software  devel¬ 
opment  kit  for  building  applications.  The 
company  also  has  added  support  for  five 
new  platforms:  AIX  64-bit,  AIX  5.1  and  5.2, 
Solaris  9  on  x86  and  Solaris  2.6  on  SPARC. 

“Microsoft  thinks  Vintela  is  a  key  answer 
to  the  interoperability  questions,” says  John 
Enck,  an  analyst  with  Gartner.Those  ques¬ 
tions  come  from  critics  who  say  Microsoft 
has  yet  to  define  how  Windows  will  work 
with  other  platforms  in  a  distributed  com¬ 
puting  environment. 


“The  core  Vintela  stuff  with  Active 
Directory  and  Group  Policy  is  very  slick, 
and  they’ve  done  a  good  job  with  it,” 
Enck  says. Vintela  is  the  only  vendor  pro¬ 
viding  such  integration  technology,  but 
he  says  others  are  on  their  way  in  the 
next  six  to  eight  months,  although  he 
would  not  elaborate. 

But  Vintela  isn’t  waiting  for  anyone  to 
catch  up.  VGP  is  the  latest  piece  of  the 
Vintela  Integration  Architecture  and  the 
third  product  in  the  Vintela  lineup. 

“The  use  of  group  policy  shows  the 
depth  of  our  integration,”  says  Matt 
Peterson,  CTO  ofVintela.“Everything  looks 
like  it  belongs  in  the  Windows  environ¬ 
ment.  We  do  everything  in  Unix  that  you 
would  expect.” 

VGP  features  three  Group  Policy  Editor 
extensions  that  let  users  make  any  config¬ 
uration  changes  on  a  Unix  host  for  any 
application.  VGP  also  includes  native  sup¬ 
port  for  Unix  conventions  such  as  generic 
scripting,  file  copy  and  permissions,  as 
well  as  Unix  administrative  controls  such 
as  sudo  and  cron.  The  software  also  in¬ 
cludes  configuration  management  con¬ 
trols  forVAS-enabled  Unix  hosts  including 
logon  access  control.* 
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The  next  phase  of  municipal  network¬ 
ing  might  be  upon  us.  Philadelphia 
is  exploring  whether  to  join  a  hand¬ 
ful  of  other  municipalities  already  offer¬ 
ing  Wi-Fi  Internet  connectivity  to  citizens 
and  travelers.  Any  potential  health  issues 
aside,  this  trend  bodes  well  for  users,  but 
I  wonder  if  the  trend  suddenly  will 
be  stopped  in  the  name  of  protecting 
consumers. 

Late  last  month,  Philadelphia  Mayor  John 
Street  announced  the  appointment  of  an 
executive  committee  for  “Wireless  Phil¬ 
adelphia”  (see  www.nwfusion.com,  Doc- 
Finder:  3727). This  committee  is  supposed 
to  work  with  Philadelphia  CIO  Dianah  Neff 
to  come  up  with  a  business  plan  for  pro¬ 
viding  city-wide  Wi-Fi  for  free  or  at  a  very 
low  cost  to  users.  This  would  be  great  for 


Unwiring  cities 

people  wandering  around  Philadelphia  or 
sitting  in  a  hotel  or  coffee  shop,  but  it  might 
present  a  bit  of  a  challenge  to  commercial 
providers  of  wireless  hot-spot  service  such 
asT-Mobile. 

Philadelphia  is  not  the  first  city  to  think 
of  doing  this.  Cleveland,  working  with 
Case  Western  Reserve  University,  already 
has  deployed  more  than  1,500  wireless 
access  points  downtown.  This  is  only  the 
first  stage  of  the  OneCleveland  project, 
which  eventually  will  “connect  more  than 
1,500  institutions  and  organizations  and 
every  member  of  the  community  to  the 
Internet,”  according  to  a  description  of  the 
project  (DocFinder:  3728).  Information 
about  many  other  similar  projects,  in  the 
U.S.  and  elsewhere,  can  be  found  on  the 
MuniWireless  Web  site  (www.muniwire 
less.com). The  projects  vary  in  scale  and 
cost  to  the  user,  but  have  one  thing  in 
common:  They  are  government-spon¬ 
sored  in  some  way 

I’ve  written  about  municipally  sponsored 
networking  in  the  past  (DocFinder:  3729), 
and  I  think  that  such  projects  might  play  an 


important  role  in  providing  high-speed 
Internet  connectivity  in  what  I  hope  will  be 
the  future  of  the  Internet  and  Internet  ser¬ 
vice.  It’s  very  important  that  ISPs  not  restrict 
what  applications  their  subscribers  can 
run  or  what  locations  they  can  go  to. This  is 
important  because  it  was  this  type  of  open¬ 
ness  that  brought  us  the  explosive  growth 
in  Internet  applications  and  uses  over  the 
past  decade.  But  this  same  openness 
means  that  ISPs  are  providing  commodity 
service  and  might  find  it  hard  to  make 
much  money  Under  these  conditions  an 
ISP  might  be  tempted  to  restrict  users  to 
services  that  the  ISP  provides  and  can 
charge  extra  for.  This  is  where  municipally 
sponsored  networks  can  help;  they  do  not 
need  to  make  a  profit  so  they  can  keep  the 
pipe  open. 

Not  everyone  likes  municipal  networks, 
especially  incumbent  telephone  and 
cable  companies. They  tend  to  think  it’s  a 
bit  unfair  that  municipal  networks  do  not 
have  to  pay  taxes  but  instead  are  some¬ 
times  subsidized  by  the  taxes  the  incum¬ 
bents  pay 


Some  states  have  sided  with  those  who 
think  it’s  unfair  and  have  banned  such  net¬ 
works.  Last  June  the  Supreme  Court  said 
that  there  was  nothing  in  U.S.  telecom  law 
that  prevented  states  from  doing  this 
(DocFinder:  3730). 

Even  though  publicly  owned  infrastruc¬ 
ture  might  be  the  best  way  to  provide 
future  Internet  service,  maybe  with  com¬ 
mercial  ISPs  using  that  infrastructure  to 
offer  their  own  service,  I  expect  there  will 
be  a  full-court  press  to  get  more  states  to 
prevent  municipalities  from  doing  what  is 
best  for  their  citizens.  I  also  predict  that 
the  pressure  will  succeed  in  too  many 
places. 

Disclaimer:  Sometimes  being  old  can 
help.  Limits  on  Massachusetts’  authority 
over  Harvard  are  written  into  the  state  con¬ 
stitution  (see  Article  V  Section  I  at  Doc¬ 
Finder:  3731).  But  the  above  lament  of  gov¬ 
ernmental  power  is  my  own  opinion. 


Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sob.com. 


Google-mania 

continued  from  page  25 

departments  to  retrieve  informa¬ 
tion  from  single  repositories. 
Now  companies  are  realizing 
they  need  a  search  platform  that 
cuts  across  an  entire  company 
and  can  search  structured  and 
unstructured  sources,  FAST’s 
Rueter  says. 

Likewise  corporate  mergers  and 
acquisitions  are  driving  search 
upgrades,  Rueter  says.  “Organ¬ 
izations  that  are  consolidating 
need  to  find  ways  to  effectively 
integrate  information,  and  they’re 
looking  at  search  as  a  way  to  inte¬ 
grate  all  this  information  quite 
rapidlyf  he  says. 

Gregory  Smith,  CIO  at  the  World 
Wildlife  Fund  (WWF),  recom¬ 
mends  trying  before  you  buy  The 
conservation  organization  in 
Washington,  D.C.,  uses  Verity’s 
Ultraseek  software  to  power 
search  capabilities  across  its  Web 
site.  After  traffic  increased  63% 
from  2002  to  2003,  the  WWF  em¬ 
barked  on  a  site  redesign  that  in¬ 
cluded  investing  in  new  search 
technologies. 

“Our  new  redesigned  site  is 
highly  dynamic.  So  we  wanted  to 
capture  that  dynamic  content, 
and  more  importantly,  have  the 
ability  to  drill  into  the  detail  and 
the  superset  of  database  content 
to  include  in  searchable  content 
catalogs,” Smith  says. 

Although  most  search  engines 
can  handle  dynamic  content 
that’s  cached,  WWF  wanted  to 
make  sure  the  search  technology 


it  deployed  could  handle  not  only 
a  subset  of  underlying  databases, 
but  also  delve  into  the  databases 
themselves,  Smith  says.  He  trialed 
many  technologies  before  settling 
on  Verity’s  platform. 

Beware  of  Google-mania 

Users’  elevated  expectations 
also  are  adding  to  the  challenge 
of  implementing  an  enterprise 
search  platform.  Google  did  more 
than  just  have  a  healthy  IPO;  it 
raised  the  bar.  Now  users  expect  it 
to  be  just  as  easy  to  query  corpo¬ 
rate  resources  as  it  is  to  search  the 
Web.  “Google  did  a  good  job  of 
setting  a  benchmark.  If  nothing 
else,  it’s  heightened  user  aware¬ 
ness  of  what  search  is  all  about 
and  how  easy  it  should  be,” 
Frappaolo  says. 

Despite  the  consumer  appeal  of 
Google,  experts  caution  compa¬ 
nies  not  to  get  swept  away  by 
brand  recognition. Google’s  domi¬ 
nance  in  Internet  search  doesn’t 
automatically  secure  its  place  in 
corporate  search. 

Distinguishing  between  intranet 
and  Internet  search  requirements 
is  critical.  Techniques  for  mining 
information  on  the  Web  aren’t  al¬ 
ways  applicable  to  the  corpora¬ 
tion.  For  example,  in  the  Internet 
search  world,  document  populari¬ 
ty  is  an  important  measure  of  rel¬ 
evancy  That’s  not  always  the  case 
in  an  enterprise  intranet,  where  in¬ 
formation  is  stored  in  myriad  sys¬ 
tem  types  with  deliberately  vary¬ 
ing  degrees  of  accessibility“In  an 
enterprise  environment,  you  need 
to  know  who’s  looking  and  what 
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Search  and  retrieval 

Enterprise  search  is  a  complex  animal.  Don't  expect 
instant  gratification,  experts  say. 

Challenges: 

• 

Linking  structured  and  unstructured  data  repositories. 

• 

Getting  Google-like  simplicity  in  an  enterprise  search  rollout. 

• 

Finding  search  tools  that  match  user  requirements,  skill  levels. 

Strategies: 

• 

Consolidate  fragmented  search  deployments. 

• 

Dedicate  resources  to  regularly  tune  search  engine  results. 

• 

Before  buying,  test  drive  search  tools  to  learn  how  the  appli- 

V _ 

cation  logic  works. 
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they’re  allowed  or  not  allowed  to 
see"  says  Andrew  Feit,  senior  vice 
president  of  marketing  at  Verity 

And  searching  by  keyword  isn’t 
always  appropriate.  AMR  Re¬ 
search  uses  technology  from 
Autonomy  to  help  make  its 
scores  of  research  documents 
easy  to  navigate.  It’s  a  task  made 
more  difficult  because  AMR’s 
content  often  contains  similar 
words  and  phrases  —  such  as 
“supply-chain  management”  or 
“logistics.” 

In  its  case,  “the  same  keywords 
show  up  in  every  document  we 
produce,”  says  Scott  Lundstrom, 
CTO  at  AMR.  Instead  of  relying  on 
keyword  matches,  the  Autonomy 
software  uses  pattern-matching 
techniques  to  understand  the 
meaning  and  significance  of  in¬ 
formation,  and  then  determine 


relevancy 

National  Semiconductor  has 
a  unique  perspective  on  what 
works  best  internally  vs.  on  a 
Web  site.  The  company  uses 
Google’s  new  enterprise  search 
appliance  internally  for  searches 
of  its  intranet,  and  software  from 
iPhrase  for  searches  of  its 
Web  site. 

“The  Google  appliance  is  very 
good  for  massive  scope.  It’s  good 
at  crawling  an  intranet  of  gargan¬ 
tuan  proportions  and  coming  up 
with  very  good  search  results 
lists.  It’s  got  great  tonnage.  But 
that’s  about  where  it  stops,”  says 
Phil  Gibson,  vice  president  of 
Web  business  and  salesforce 
automation  at  the  Santa  Clara 
company. 

For  its  part,  iPhrase  delivers  a 
strong  semantic  natural  lan¬ 


guage  search  engine  for  han 
dling  information  in  any  format, 
structured  and  unstructured.  “It 
has  a  highly  tunable  semantic 
dictionary  that  we  customize  for 
our  customer  base,  our  industry 
our  applications,  in  our  own  sort 
of  dialect,”  Gibson  says. 

Flexibility  was  a  key  reason 
National  Semiconductor  went 
with  iPhrase  for  its  Web  site  plat¬ 
form. Visitors  to  the  semiconduc¬ 
tor  maker’s  Web  site  can  search 
from  among  more  than  15,000 
devices,  each  with  about  300 
parameters.  A  newcomer  might 
not  know  the  company’s  naming 
conventions,  but  might  have  very 
specific  electrical  characteristics 
in  mind. To  let  users  navigate  the 
way  they  wish  to,  National  offers 
up  to  10  different  search  inter¬ 
faces  that  let  users  describe 
queries  in  sentences,  for  exam¬ 
ple,  or  type  in  electrical  charac¬ 
teristics,  or  navigate  three-dimen¬ 
sional  parts  diagrams. 

From  the  perspective  of  a  Web 
visitor,  all  the  interfaces  look  like 
distinct  tools.  But  the  underlying 
technology  platform  is  all 
iPhrase  —  rather,  it  will  be  once 
National  Semiconductor  finishes 
the  migration  from  its  home¬ 
grown  search  applications  to  the 
iPhrase  infrastructure. 

“We  have  very  different  audi¬ 
ences,  so  we  need  different 
search  engines  that  go  after  the 
same  infrastructure  in  very  differ¬ 
ent  ways,”  Gibson  says.  “The 
iPhrase  software  is  the  only  thing 
that’s  been  able  to  really  do  that 
in  a  highly  tunable  fashion.”  ■ 
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Secure  your  business  with  Check  Point  Express. 

Your  business  deserves  the  best  security  solution  available  today:  Check  Point  ExpressT  Designed  for  companies  with 
100-500  employees,  Check  Point  Express  protects  your  business  with  the  same  superior  firewall  and  VPN 
technology  that  secures  97  of  the  Fortune  100.  Yet  it’s  priced  right  for  mid-size  businesses.  With  Check  Point  Express, 
you’ll  get  performance  you  can  always  rely  on,  and  security  you  don’t  have  to  worry  about.  Its  unique  features  include 
intelligent  network  and  application-level  protection.  And  its  intuitive  interface  simplifies  every  aspect  of  security 
management.  There  is  no  better  way  to  secure  your  critical  network  resources  and  connect  remote  users  and  sites. 
See  for  yourself.  Compare  Check  Point  Express  to  competing  offerings  at  www.checkpoint.com/compareexpress. 

Check  Point  Express  comes  pre-installed  on  appliances  from  Sun  and  Nokia 
and  runs  on  open  servers  from  Dell,  IBM,  and  other  leading  manufacturers. 
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Manage  all  your  remote-user  stress  away — with  simplicity,  security,  and  savings.  Now,  no  matter  what  type  of 
remote  user  you're  supporting,  you  have  an  easy  answer.  GoRemote.  Named  "a  visionary  market  leader"  in  Gartner's 
latest  Magic  Quadrant,  GoRemote  streamlines  mobile,  teleworker,  and  branch-office  connectivity  for  over  1,700 
enterprise  customers  worldwide.  Our  GoRemote  Global  Network™  is  the  world's  largest  and  eliminates  the  security 
concerns,  expense  issues,  and  hassle  factors  plaguing  today's  accessible-from-anywhere  enterprises.  Don't  take  our 
word  for  it.  See  what  Gartner  says.  Download  the  report  "U.S.  Managed  Remote-Access  1H04:  Leaders,  Visionaries" 
today — and  start  putting  yourself  back  in  control  once  and  for  all.  Visit  http://www.GoRemote.com/nw  or  call  408.965.1 168 
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VoIP:  Just  what  the  doctor  ordered 


BY  DENISE  PAPPALARDO 


A  call  for  savings 


Old  PBXs  and  a  high  volume 
of  toll  calls  between  22  facilities 
forced  Queens-Long  Island 
Medical  Group  to  find  a  better 
voice  system. 

“We  were  looking  to  reduce 
our  existing  phone  bills  by  40% 
to  50%,  just  on  the  service  side,” 
saysStefanie  Bruemmer,  IT  direc¬ 
tor  for  the  Garden  City  N.Y,  firm, 
which  issued  its  RFP  in  Dec¬ 
ember.  “We  weren’t  even  sure  we 
were  going  to  use  VoIP  but  con¬ 
sidered  it  as  one  of  our  options.” 

But  VoIP  has  turned  out  to  be 
the  cure  for  QLIMG’s  telecom 
woes. 

IP  Business  Solutions,  a  com¬ 
pany  that  resells  Level  3  Communica¬ 
tions  services  to  businesses,  was  one  of 
the  vendors  that  answered  the  medical 
group’s  call.  The  supplier  won  QLIMG’s 
business  with  Level  3’s  (3)Tone  Busi¬ 
ness  hosted  VoIP  service,  which  elimi¬ 
nates  the  cost  of  deploying  and  main¬ 
taining  IP  PBXs  in-house.  The  service 
offers  traditional  PBX  features  such  as 
four-digit  dialing  while  doing  away  with 
toll  charges  by  avoiding  the  public 
switched  telephone  network  and  send¬ 
ing  all  interoffice  calls  over  the  Internet. 
This  was  a  big  sell  for  Bruemmer. 

“In  the  TDM  world  every  call  between 
sites  was  a  toll  call,”  she  says.  As  the 
majority  of  the  group’s  calls  are  be¬ 
tween  locations,  the  group’s  phone  bills 
are  substantial. 

The  medical  firm  had  an  “antiquated” 
Avaya  TDM  system  that  she  says  was 
probably  bought  in  the  1980s. 

“Our  system  was  so  outdated  it  would 
have  cost  about  $1  million  just  to  deploy 
newT-1  [voice  circuits]  at  all  of  our  loca¬ 
tions,”  which  would  have  been  necessary 
to  support  a  new  PBX  system,  she  says. 

Enter  VoIP 

The  medical  group  considered  an 
MCI  VoIP  service,  but  “there  were 
tremendous  hidden  costs  to  [using 
MCI’s]  softswitch”  Bruemmer  says.  She 
says  MCI  service  charges  an  additional 
cost  for  every  incoming  call,  in  addition 
to  a  flat  monthly  fee,  but  Level  3  does 


Queens-Long  Island  Medical  Group  says  its  hosted  VoIP  network  boasts  PBX-like  features  and  reduces  toll  charges  by  sending 
interoffice  calls  over  the  Internet  instead  of  the  PSTN. 


©  A  call  from  QLIMG’s  headquarters 
originates  on  the  LAN,  which  is  out¬ 
fitted  with  SIP  phones. 


€>  The  call  is  routed  overaT-3  to 
a  Verizon  central  office,  which 
hands  it  off  to  Level  3’s  network. 


Softswitches  direct  calls  over  Level  3’s 
Internet  backbone  if  they’re  headed  to 
other  QLIMG  offices  or  overthe  PSTN 
if  they’re  going  outside  the  company. 


QLIMG  headquarters 


not  charge  for  each  incoming  call. 

Bruemmer  says  she  choose  Level  3’s 
VoIP  offering  because  it  is  cost  effective 
and  flexible.  QLIMG  expects  to  reduce 
its  telecom  costs  by  at  least  40%  once 
all  of  its  sites  are  deployed  next  month. 

With  the  (3)Tone  service  the  medical 
group’s  only  major  investment  was  its 
1,000  VoIP  phones.  While  the  firm  also 
had  to  upgrade  routers  at  each  site, 
Bruemmer  says  it  was  a  small  project  that 
only  involved  adding  RAM  or  software. 

“Before,  I  had  21  PBXs  with  a  full-time 
employee  to  handle  all  moves,  adds 
and  changes,”  Bruemmer  says.  She 
plans  to  sell  the  old  equipment  and  is 
eliminating  the  PBX  management  job. 

QLIMG’s  help  desk  now  will  be  able  to 
manage  all  the  VoIP  phones  because 
the  system  runs  over  the  medical  com¬ 
pany’s  LAN. 

“From  the  support  systems  side,  all 
moves,  adds  and  changes  are  now  eas¬ 
ily  handled  at  the  help  desk  [via]  point 
and  a  click,”  she  says.  “We  no  longer 
have  to  send  anyone  out  to  handle 
these  simple  changes.” 

The  medical  group  also  was  able  to 
use  existing  T-ls  that  were  deployed  to 
all  21  remote  locations  to  support  its 
new  VoIP  service.  “Originally  the  T-ls 
were  there  because  we  were  going  to 
implement  a  digital  radiology  network, 
but  we  are  behind  on  that  [project].  It 
just  fell  together,”  she  says. 

The  firm  did  have  to  deploy  an  addi¬ 


tional  T-3  to  connect  its  21  T-ls,  which  ter¬ 
minate  at  a  Verizon  central  office  to 
Level  3’s  softswitch  (see  graphic). 

In  addition  to  reducing  the  firm’s  cap¬ 
ital  outlay  on  telecom,  Bruemmer  says 
she’s  expecting  big  savings  as  she  elim¬ 
inates  some  of  her  current  data  net- 


QUMG  medical  site 


work.  “We  have  an  entire  data  network 
that  supports  our  electronic  medical 
records,”  she  says. The  medical  group  is 
expecting  to  collapse  some  of  that  data 
traffic  onto  the  T-ls  that  are  supporting 
QLIMG’s  VoIP  traffic. 

See  QLIMG,  page  30 


Takes 


■  AT&T  Wireless  is  expanding  the 
reach  of  its  Universal  Mobile 
Telecommunications  System  3G 
service.  The  high-speed  mobile 
offering  is  now  available  in  Dallas 
and  San  Diego.  The  service  provider 
has  been  offering  its  UMTS  service 
in  Detroit,  Phoenix,  San  Francisco 
and  Seattle  since  July.  UMTS  sup¬ 
ports  average  wireless  data  speeds 
between  220K  and  320K  bit/sec,  but 
can  burst  to  384K  bit/sec.  AT &T  is 
offering  two  handsets,  the  Motorola 
A845  or  the  Nokia  6651,  to  support  its 
broadband  service.  Each  device 
costs  $300,  and  both  support  voice 
and  data  traffic.  Users  also  have  the 
choice  of  buying  a  Novatel  Wireless 
Merlin  UMTS  PC  modem  card  for 
their  laptop  for  $150. 


■  Verizon  has  upped  the  speed  of 
its  DSL  service  to  3M  bit/sec  for 
businesses  and  consumers  in  12 
states  in  New  England,  the  mid- 
Atlantic  region  and  the  District  of 
Columbia.  The  new  asymmetrical 
DSL  service  offers  a  maximum  con¬ 
nection  speed  of  3M  bit,  sec  down¬ 
stream  and  768K  bit/sec  upstream, 
making  it  more  competitive  with 
cable  modem  service.  Until  now,  the 
highest  downstream  speed  for  Veri¬ 
zon's  DSL  service  was  1.5M  bit/sec. 
The  company  plans  to  offer  3M 
bit/sec  DSL  service  later  this  year  in 
the  remaining  11  states  where  it  now 
offers  1.5M  bit/sec  service.  For  busi¬ 
nesses,  Verizon  is  pricing  the  ser¬ 
vice  at  $90  per  montn  for  dynamic 
IP  addressing  or  $130  per  month  for 
static  IP  addressing.  Verizon  also 
offers  business-grade  DSL  service 
in  packages  up  to  a  maximum  of 
7.1  M  bit/sec. 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


A  telecom 
history  lesson 

A  few  weeks  ago  I  was  lucky  enough  to 
travel  to  Seattle  on  a  combined  vaca¬ 
tion-business  trip.  Everyone  knows 
Seattle  as  the  source  of  Starbucks,  grunge 
music  and  perpetual  drizzle.  But  if  you’re 
ever  in  the  neighborhood,  after  sipping 
your  latte,  jamming  to  the  tunes  and  dodg¬ 
ing  the  raindrops,  you  might  want  to  take 
the  time  to  check  out  the  Museum  of 
Communications  (www.scn.org/tech/tel 
museum/).  It’s  way  cool,  and  not  just  for 
tech  junkies. 

The  museum  houses  some  of  the  oldest 
functioning  telecom  switches  —  includ¬ 
ing  step-by-step  switches  from  the  1920s 
and  relay  switches  from  the  ’40s.  You  can 
place  a  call  and  literally  watch  the  switch¬ 
es  perform  their  mechanical  routing,  if 
you’re  ready  to  make  the  leap  to  the  mod¬ 
ern  era  (almost),  you  can  check  out  the 
museum’s  functioning  though  tempera¬ 
mental  3ESS,  which  was  operational  from 
the  1960s  into  the  ’80s. 

For  me,  though,  the  most  significant 
impact  wasn’t  from  the  gear  itself.  It  was  the 
tangible  record  of  the  symbiotic  relation¬ 
ship  between  telecom  technology  and 
human  communication. 

Specifically,  telecom  gear  evolved  to 
serve  an  emerging  human  need:  to  speak 
with  one  another  across  long  distances. 
This  was  something  that  previously  hadn’t 
been  possible  but  rapidly  became  indis¬ 
pensable.  To  serve  that  need,  each  genera¬ 
tion  of  switches  made  the  process  of 
remote  human  communication  faster,  sim¬ 
pler  and  more  effective.  From  that  perspec¬ 
tive,  telecom  engineering  ranks  up  there 


with  automotive  engineering  as  one  of  the 
great  human-centric  design  efforts  of  the 
20th  century 

That  sounds  obvious,  but  it  contrasts 
strongly  with,  say,  computer  engineering, 
where  the  goal  always  has  been  subtly 
different.  Computers  fundamentally  are 
very  large  calculators,  and  much  of  com¬ 
puter  science  is  about  uncovering  prob¬ 
lems  for  which  very  large  calculators  are 
useful,  in  other  words,  computing  is  fun¬ 
damentally  about  the  capabilities  of  the 
technology  first,  and  its  application  to 
human  requirements  second.  Telecom  is 
the  opposite. 

But  that’s  only  half  of  the  symbiotic  equa¬ 
tion.  Telecom  technology  evolved  to  meet 
human  needs,  but  it  also  dramatically 
affected  the  humans  who  managed  it. The 
most  fascinating  part  of  the  tour  was  when 
our  guide  —  an  experienced  telecom  tech 
who  started  supporting  his  first  switches  in 
1948  —  described  placing  a  call  in  his  boy¬ 
hood.  He’d  pick  up  the  phone  and  the 
operator  would  immediately  recognize  his 
voice  and  place  the  call,  usually  on  a  first- 
name  basis. 

Times  (and  technologies)  have  changed, 
but  the  concept  of  service  hasn’t.  As  pio¬ 
neers  in  providing  the  new  and  exotic 
“communications  services,”  telecom  em¬ 
ployees  never  forgot  their  goal  was  to  pro¬ 
vide  services  to  humans.  That  sense  of 
commitment  was  lifelong;  in  fact,  the  muse¬ 
um  today  is  a  volunteer  effort,  staffed  by 
veteran  telecom  types  who  don’t  want 
their  legacy  of  cutting-edge  service  to  be 
forgotten. 

A  few  weeks  ago  I  wrote  about  executive 
crooks  who  pillaged  telcos  for  personal 
profit.  It  was  refreshing  to  meet  the  folks 
on  the  front  lines  whose  dedicated  and 
unselfish  service  expanded  the  horizons 
of  human  interaction  —  and  see  in  oper¬ 
ation  the  tools  they  built,  managed  and 
maintained. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


insite  ■  Lessons  from  leading  users 

QUMG 

continued  from  page  29 

“When  we’re  all  done  we  will  have  a 
converged  network, ’’she  says.This  network 
is  expected  cut  the  firm’s  data  networking 
costs  by  an  additional  50%, she  says. 

An  additional  benefit  of  the  service  is 
that  it’s  based  on  open  standards,  such  as 
Session  Initiation  Protocol  (SIP).This  gives 
Bruemmer  the  opportunity  to  change  ser¬ 
vice  providers.  “I  have  Cisco  phones  that 
are  based  on  SiPand  if  I  don’t  like  Level 
3’s  service  down  the  road  I  can  switch 
providers  and  still  protect  my  investment,” 
she  says. 

The  new  system  also  let  QLIMG  create  a 
call  center  at  its  headquarters  with  more 
than  100  phones.  “This  was  impossible 


with  our  old  system,”  Bruemmer  says. 

With  the  old  system  a  call  could  not 
be  transferred  from  one  QLIMG  facility 
to  another.  “We  would  have  to  tell  the 
patient  to  hang  up  and  call  back, 
and  that’s  not  very  customer-friendly” 
she  says. 

It  was  also  cost-prohibitive  because  if 
the  medical  firm  was  able  to  transfer  calls 
from  one  end  of  Long  Island  to  the  other 
it  would  be  a  regional  or  even  long-dis¬ 
tance  call, she  explains. 

VoIP  has  put  QLIMG  in  a  better  position 
in  case  of  a  disaster. “If  we  lost  a  PBX  or  a 
T-l  at  a  facility  we  would  have  been  with¬ 
out  phone  service.  With  Level  3  we  can 
still  access  our  phones  from  another  loca¬ 
tion,  home  or  even  while  on  vacation  by 
dialing  into  [Level  3’s]  portal  and  for¬ 
warding  calls  to  another  location,”  Bruem¬ 
mer  says.  ■ 
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LET  QWEST  iQ  NETWORKING  TRANSFORM  YOUR  NETWORK 
INTO  ONE  WELL-OILED,  SMOOTH-RUNNING  MACHINE. 


Some  say,  “No  way.”  We  say,  “Bring  it  on.”  Qwest  iQ  Networking™  makes  disparate  transport  technologies  act 
like  a  single,  state-of-the-art  network.  Now  your  ATM,  frame,  private-line  and  IP-based  networks  can  all  work 
together  as  one  seamless  entity.  Better  security,  more  robust  hosting  capabilities  and  more  diverse 
solutions  are  at  your  beck  and  call  with  our  converged,  intelligent  OC-192  MPLS-based  network.  Which  means 
you’ll  also  get  more  out  of  the  applications  you’ve  already  invested  so  much  time,  money  and  energy  in.  And 
you’ll  be  able  to  adapt  more  readily  and  proficiently  with  new  technologies  like  VoIP.  So  give  us  a  call  when 
you’re  ready  to  advance  your  network  to  a  new  level  of  converged  harmony.  We’re  waiting  in  the  wings  with 
the  tools  to  make  it  happen. 


1  800-506-0663  or  visit  qwest.com/networksolutions 
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INTERNET  SOLUTIONS  MANAGED  S  Q  L  U  T  ! 
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Qwest  iQ  Networking:  Qwest  iQ  Networking  is  a  suite  of  WAN  services  with  domestic  and  international  availability,  depending  on  services  selected.' Recurring  fees  vary,  depending : 
on  services  ordered.  Additional  enuinment  mav  be  reciuired.  All  trademarks  are  the  Dronertv  of  Qwest  Communications  International  Inc.  ©2004  Qwest.  All  ricihts  reserved.  . '  '  . 
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STOP  ASKING 

YOUR  APPLICATION  TO  DO 

THE  IMPOSSIBLE. 

THAT'S  THE  NETWORK'S  JOB. 


Web-based  applications  have  not  only  become  critical  to 
business,  they're  being  asked  to  do  what  no  one  imagined  a 
few  short  years  ago.  To  run  better.  Faster.  Always  be  accessi¬ 
ble.  Handle  huge  amounts  of  traffic  from  a  mushrooming 
number  of  different  devices.  Use  less 
bandwidth.  Be  immune  to  the  theft  of 
sensitive  data,  and  block  increasingly 
malicious  security  attacks. 

In  response,  more  and  more  functions 
are  being  loaded  onto  servers  -  requiring 
more  servers.  And  applications  are  forced 
to  do  more  than  they  can  or  should.  Usually  with  less  than 
satisfactory  results. 

But  what  if  you  could  make  the  network  an  extension  of 
the  application?  And  the  network  could  handle  whatever 


the  application  asked  it  to  do?  What  if  each  could  interact 
intelligently  with  the  other  to  literally  work  as  one? 

Now  you  can.  In  fact,  you  can  get  all  the  application 
optimization,  availability  and  security  you  need  in  one 

cohesive  architecture  that  you  can  cus¬ 
tomize  to  specific  business  policies. 
Right  at  the  critical  juncture  where 
your  application  connects  with  the  net¬ 
work  itself. 

It's  Application  Traffic  Management  as 
only  F5  provides  it.  A  networking  solution 
with  application  intelligence  you  can  easily  adapt  to  your 
needs.  No  matter  how  those  needs  grow  or  change. 

For  more  information,  visit  our  Solution  Center  at 
www.f5.com/f5products/.  Or  call  866-440-0188. 
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FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


New  options  for  secure  remote  access 

3am  Labs  debuts  three  control  and  management  tools  —  two  for  free 


LogMeln  security  checklist 

Newcomer  LogMeln  offers  stronger  security  than  competing  remote 
desktop  control  products  GoToMyPC  and  PCAnywhere  —  comparable 
to  that  of  SSL  and  IPSec  VPNs.  (Security  features  of  Virtual  Network 
Computing  products  range.) 


Feature 

LogMeln 

GoToMyPC 

PCAnywhere 

Windows  authentication 

Yes 

No 

Yes 

Two-factor  authentication 
via  wireless  e-mail 

Yes 

No 

No 

End-to-end  encryption 

Yes 

Yes 

Yes 

128-bit  and  256-bit  SSL 

Yes 

No 

No 

RSA  SecurlD 

Yes 

Yes  (corporate 
version  only) 

Yes 

Intrusion  detection 

Yes 

No 

No 

Authorized  access  by  IP  ranges 

Yes 

No 

No 

Personal  security  codes 

Yes 

Yes 

No 

■  BY  TONI  KISTNER 

Big  companies  with  booming  remote 
access  demands  face  some  tough  choices 
—  widen  the  circle  of  IPSec  VPN  users, 
invest  in  an  additional  Secure  Sockets 


■  Mirra  has  announced  a  free  up¬ 
grade  to  its  Mirra  Personal  Server  for 
small  and  home  offices.  Version  2.0 
adds  automatic  file  and  folder  syn¬ 
chronization  and  sharing  among  net¬ 
worked  PCs,  as  well  the  ability  to  view 
large  thumbnail  previews  of  photos. 
The  device,  which  lets  you  store,  back 
up  and  remotely  access  your  digital 
content,  is  available  in  80G-,  120G-  and 
250G-byte  versions  that  cost  $400, 
$500  and  $750,  respectively, 

■  D-Link  has  introduced  a  business- 
class  access  point  with  Power  over 
Ethernet. The  device  supports  802. lx 
authentication,  Wi-Fi  Protected 
Access  and  AES  encryption,  and  will 
support  802.1 1  i  in  the  future.  SNMPv3 
management  uses  Access  Control 
Lists  to  monitor  real  time  network 
traffic.  The  access  point  works  in 
802.1 1g  mode,  Dynamic  Turbo  Mode 
and  Static  Turbo  Mode,  which  boosts 
speeds  on  other  Turbo  Mode  gear.  The 
AirPremier  Access  Point  (DWL- 
2200AP)  costs  $200. 

■  Buffalo  Technology  has 

announced  a  key-chain  version  of  its 
AirStation  54M  bit/sec  Wireless  USB 
Adapter.  The  adapter  works  with 
Buffalo’s  AirStation  One-Touch 
Secure  System,  which  automatically 
detects  and  configures  other  Buffalo 
AOSS  devices  on  a  wireless  network. 
An  auto-install  feature  automatically 
installs  required  drivers  and  software 
once  the  device  is  plugged  into  a  PC's 
USB  2.0  port.  It  supports  64/128-bit 
Wired  Equivalent  Privacy,  WPA, 
Temporal  Key  Integrity  Protocol  and 
AES.  It  costs  $80. 


Layer  VPN  product  or  service,  or  let  users 
manage  their  own  connections  by  sanc¬ 
tioning  remote  PC  control  services  such  as 
Citrix  GoToMyPC,  or  products  such  as  PC¬ 
Anywhere  or  Virtual  Network  Computing,  a 
free  utility  (See  www.nwfusion.com, 
DocFinder:3735). 

Until  now,  there  hasn’t  been  a  way  to  offer 
quick  and  inexpensive  remote  control 
without  giving  up  management  control 
and  tight  security  But  3am  Labs,  a  new 
company  run  by  the  team  that  developed 
RemotelyAnywhere  remote  control  and 
administration  software,  this  month  is 
debuting  three  products  that  aim  to  do  just 
that:  Provide  highly  secure  PC  remote 
access  and  administrative  tools  to  manage 
users’  connections.  And  two  of  the  three 
products  are  free. 

“Not  just  for  some  30-day  trial.  We  mean 
free  forever,”  says  company  CEO  Michael 
Simon. 

Similar  to  GoToMyPC,  the  LogMeln  ser¬ 
vice  lets  users  access  a  desktop  PC  from 
any  Web-enabled  PC,  handheld  or  phone. 


■  BY  TONI  KISTNER 

Small  companies  and  branch  offices 
requiring  strong  network  security  have 
often  had  to  pass  up  the  benefits  of  a  wire¬ 
less  network  rather  than  deal  with  the  cost 
and  complexity  of  installing  and  maintain¬ 
ing  an  802.1  lx  RADIUS  authentication 
server  or  IPSec  VPN. 

Interlink  Networks’  new  product, 
LucidLink,aims  to  give  small  offices  with 
limited  or  no  IT  support  the  best  of  both 
worlds. 

LucidLink  is  802.11  WLAN  security  soft¬ 
ware  that  provides  enterprise-level  network 
security  and  access  control  but  hides  the 
configuration  details  behind  a  handful  of 
easy  set-up  screens  —  so  easy  in  fact,  that 
Interlink  expects  customers  to  hand  off 
WLAN  administration  tasks  to  the  office 
manager,  putting  them  on  a  par  with  grant¬ 
ing  a  visitor  badge. 

“We  emulated  the  consumer  experience 
to  make  it  like  programming  a  garage  door 
opener/ says  Mike  Klein, president  and  CEO. 
Rather  than  require  a  dedicated  RADIUS 
server,  LucidLink  server  software  installs  on 


LogMeln  connections  are  SSL  encrypted, 
but  the  service  also  incorporates  Windows 
authentication  policies  into  existing  secur¬ 
ity  schemes  such  as  RSA  SecurlD,  and 


any  network  machine. 

Key  is  the  LucidLink  management  con¬ 
sole,  which  lets  non-technical  personnel 
manage  access  to  the  wireless  network. 

When  a  new  user  first  tries  connect  to  the 
wireless  network,  he’s  prompted  to  create  a 
user  ID  by  typing  in  his  name. When  he  hits 
ok,  the  request  is  sent  to  the  access  point, 
where  an  EAP  key  exchange  takes  place 
between  the  access  point  and  the  server, 
just  as  it  would  with  a  standard  RADIUS 
server. 

But  with  LucidLink,  the  exchange  gen¬ 
erates  an  eight-digit  authentication  code 
that  is  sent  to  the  user  and  administrator. 
The  system  prompts  the  user  to  provide 
his  authentication  code.  If  the  codes 
match,  the  administrator  will  authenticate 
the  user. 

“The  human  intervention  piece  is  what’s 
different  here,”  says  Chris  Trytten,  the  com¬ 
pany’s  director  of  product  management. 
“Rather  than  have  all  that  public  key  infra¬ 
structure,  we  suspend  the  EAP  method 
while  the  people  talk  to  each  other. Without 
that,  you’d  have  to  install  public  keys.” 

The  administrator  uses  the  management 


allows  wireless  one-time  passwords.  When 
a  user  accesses  the  Logmein.com  site,  he’s 
authenticated,  and  then  the  LogMeln  gate- 

See  3am  Labs,  page  34 


console  to  maintain  a  list  of  users  to  whom 
he  can  grant  or  deny  access  with  a  button 
click.  You  can  set  access  authorization 
dates,  and  also  deny  permission  and  then 
allow  it  at  a  later  date,  a  handy  feature  for 
managing  recurring  visitors. 

LucidLink  also  automatically  configures 
some  wireless  networks.  Currently  the 
product  works  only  with  D-Link  and 
Linksys  access  points;  more  will  be  added, 
the  company  says.  Users  install  the  “client 
copy  installer”  on  each  PC  with  a  WLAN 
card,  and  LucidLink  asks  for  the  access 
point’s  name  and  model  number. The  soft¬ 
ware  also  asks  whether  you  want  maxi¬ 
mum  security(which  requires  connected 
systems  to  support  Wi-Fi  Protected  Access, 
for  instance)  or  maximum  compatibility 
(which  lets  you  connect  a  mix  of  Wired 
Equivalent  Privacy  and  WPA  systems). 

LucidLink  is  geared  to  firms  with  fewer 
than  250  users.  Bigger  companies  that 
need  access  to  back-end  directory  ser¬ 
vices  such  as  Lightweight  Directory 
Access  Protocol  will  need  to  invest  in  a 
RADIUS  server  or  VPN.  LucidLink  costs 
$449  for  10  users.  ■ 
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Get  your  FREE  book  and  learn  how  your 
company  can  manage  the  startling  growth 
in  email  volume — and  withstand  the 
massive  flood  of  spam,  viruses  and  fraud  that 
threaten  your  email  communication  system. 

To  order  your  free  copy  of 
GET  THE  MESSAGE: 

A  Business  Guide  to 
Surviving  the  Email  Security  Crisis, 
visit  www.ironport.com/book 
or  call  toll  free  866.882.8658 


IRON PORT 


Rebuilding  the  World’s  Email  Infrastructure. 
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Net.Worker 


TELEWORKER 

BEAT 

Toni 

Kistner 


Now  that  we’re  all  back  at  our  desks, 
let’s  look  at  some  work-related  stud¬ 
ies  that  piled  up  about  Labor  Day  Of 
course,  some  of  us  just  pretended  to 
unplug  in  August,  lest  we  scare  the  boss 
with  our  sloppy  workaholism.  OK,  show  of 
hands:  Who  lurked  in  e-mail  on  vacation? 
No,  wait,  better  yet,  who  didn’t?  That  num¬ 
ber’s  easier  to  count. 

The  number  of  employed  Americans 
who  did  any  work  at  home  grew  7.5%,  from 
41.3  million  in  2003  to  44.4  million  this 
year,  according  to  the  2004  American  Inter¬ 
active  Consumer  Survey  conducted  by  The 
Dieringer  Research  Group  in  conjunction 
with  ITAC. 

Of  course,  this  is  the  widest  net  you  can 
cast,  as  those  44.4  million  people  include 
those  who  worked  at  home  one  day  per 
year.Teleworkers  who  worked  at  home  dur: 
ing  business  hours  at  least  one  day  per 
month  increased  only  2.6%,  from  23.5  mil¬ 
lion  to  24.1  million. That’s  18.3%  of  the  U.S. 
adult  workforce.  Of  the  24.1  million,  16.5 
million  are  self-employed. 

Midsized  businesses  saw  the  biggest 
growth,  with  47%  of  companies  with  100  to 
999  employees  teleworking.  But  large  com¬ 
panies  —  those  with  more  than  1,000 
employees,  saw  no  increase.  More  details 
will  be  unveiled  at  ITAC’s  annual  member 
meeting  next  week. 

The  average  commuter  in  the  U.S.  lost 


As  telework 
grows,  so  does 
congestion 

nearly  a  full  week  of  his  life  (46  hours) 
stuck  in  congested  traffic  in  2002,  accord¬ 
ing  to  the  annual  Urban  Mobility  Report 
recently  released  by  the  Texas  Trans¬ 
portation  Institute  (TTI)  at  Texas  A&M 
University 

The  TTI  study  ranks  regions,  cities  and 
states  by  several  measurements,  including 
the  annual  delay  per  rush  hour,  which  has 
grown  from  16  to  46  hours  since  1982; 
annual  financial  cost  of  traffic  congestion, 
which  has  gone  from  $14  billion  to  $63  bil¬ 
lion  in  the  same  period;  and  wasted  fuel, 
totaling  5.6  billion  gallons  lost  to  idling 
engines. 

The  new  study  increased  the  number  of 
urban  areas  studied  from  75  to  85  and 
includes  all  those  exceeding  500,000  in 
population. 

No  surprise,  the  most  congested  metro¬ 
politan  area  in  the  U.S.  is  Los  Angeles,  fol¬ 
lowed  by  San  Francisco;  Washington  D.C.; 
Dallas-Fort  Worth;  and  Houston.The  biggest 
increase  in  congestion  occurred  in  Dallas- 
Fort  Worth,  where  commuters  spent  61 
hours  stuck  in  traffic  in  2002. TTI  offers  the 
print  report  for  sale  at  its  Web  site,  and  has 
made  all  the  data  available  for  perusing. 
We’ll  dig  around  and  report  more  findings 
next  week. 

Kistner  is  managing  editor  of  the 
Net.  Worker  section  of  Network  World.  She 
can  be  reached  at  tkistner@nww.com. 


3am  Labs 

continued  from  page  33 

way  forwards  the  encrypted  traffic  be¬ 
tween  a  client  and  a  host. 

The  service  works  with  LogMeln  Scout, 
a  new  management  tool  that’s  also  free. 
Scout  finds  all  remote-access  products 
deployed  on  the  network,  and  lets  you 
define  and  enable  LogMeln  usage  poli¬ 
cies  by  users,  groups  of  users  or  machine. 
You  can  give  some  users/groups  remote 
control  rights  only,  others  upload/down¬ 
load  rights,  and  others  administration 
rights.  GoToMyPC  offers  similar  manage¬ 
ment  features  but  only  in  the  corporate 
version,  not  the  personal  or  small-busi¬ 
ness  editions. 

A  third  product,  LogMeln  Pro,  costs 
$12.95  per  user  per  month  and  is  geared 
to  those  who  need  to  be  fully  productive 
while  working  at  a  remote  system,  not  just 
grab  a  file  on  the  run.  One-button  file  syn¬ 
chronization  makes  it  easy  to  keep  track 
of  files  between  two  systems.  An  FTP-like 
utility  eases  file  uploads  and  downloads. 
A  “click  to  share”  feature  lets  you  share 
large  files  across  the  Web.  A  remote  print¬ 
ing  feature  lets  you  target  a  file  on  your 
corporate  system  and  print  it  locally. 

Because  the  products  are  free,  IT  admin¬ 


istrators  can  use  LogMelnScout  only  to 
monitor  and  control  remote  access  con¬ 
nections  on  the  network.  Users  can  down¬ 
load  multiple  copies  of  the  client  onto 
numerous  PCs  and  other  devices, such  as 
media  servers  or  network-attached  stor¬ 
age  boxes,  to  access  music,  video  and 
photos. 

How  will  3am  Labs  make  money? 
Simon  points  to  the  popularity  of 
GoToMyPC  and  VNC,  the  latter  of  which 
has  60,000  free  downloads  per  month. 

“Our  free  version’s  a  great  alternative  to 
VNC.  It’s  more  secure  and  easier  to  use, 
and  integrates  with  Scout.  Those  60,000 
downloads  are  up  for  grabs.  If  we  can  get 
2  million  people  to  use  the  free  version, 
we  can  get  a  couple  of  hundred  thousand 
to  buy  LogMelnPro,”  Simon  says. 

The  three  products  are  in  beta  form  at 
www.logmein.com,  and  final  code  is 
expected  by  the  end  of  the  month.* 


More  online! 

For  more  details  on 
LogMeln  security  go  to: 

DocFinders:  3736, 
3737. 
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»  The  next  viral  intruder  lurks  ...  somewhere.  But  a  Juniper  network  is  already 
built  to  withstand  the  attack.  Juniper  Networks  delivers  the  industry’s  most 
secure  and  sophisticated  solutions — making  your  network  impenetrable 
without  sacrificing  speed  or  reliability.  Juniper  your  net. 


Don’t  miss  Defending  in  Depth,  a  seminar  series  featuring  a  key  note  address  from  Gartner  security 
experts.  For  more  information  visit  www.juniper.net/nwevent.  Seminar  dates: 

09/14/04:  San  Francisco,  CA  *  10/14/04:  Atlanta.  GA  •  11/09/04:  Chicago,  IL  •  11/11/04:  Boston,  MA 
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Are  you? 


Millions  of  your  peers  are  turning  to  the  Security  Guidance  Center  for  the  latest  in  security.  By  visiting  regularly, 
they  get  the  tools,  guidance,  and  training  needed  for  better  protection  against  viruses  and  other  security  threats. 
Visit  microsoft.com/security/IT  today  and  see  for  yourself  the  newest  additions,  including: 


Microsoft*  WindowsBXP  Service  Pack  2  with  Advanced  Security  Technologies  Download  it  for  free 
and  evaluate  the  latest  updates  for  increased  system  control  and  proactive  protection  against  security  threats. 


Free  Online  Self  Assessment  Complete  this  free,  Web-based  self-assessment  test  to  help 
you  evaluate  your  organization's  security  practices,  and  identify  areas  for  improvement. 


Free  Updates  and  E-mail  Alerts  Stay  on  top  of  the  latest  security  issues  quickly  and 
easily  by  signing  up  for  free  Microsoft  Security  Communications. 


Free  Security  Tools  React  more  effectively  to  potential  security  threats.  Take  advantage  of 

free  tools  and  technologies  like  the  Microsoft  Baseline  Security  Analyzer  and  Software  Update  Services. 


Go  today  to  microsoft.com/security/IT 


Microsoft • 


C  2004  Microsoft  Corporation.  All  rights  reserved.  Microsoft  and  Windows  are  either  registered  trademarks  or  trademarks  of 
Microsoft  Corporation  in  the  United  States  and/or  other  countries. 


Proposed  standard  simplifies  VPLS 


HOW  IT  WORKS 


VPLS  auto-configuration 

The  IETF  Layer  2  VPN  Working  Group  is  nailing  down 
a  standard  to  automate  the  setup  and  ongoing 
maintenance  of  VPLS  mesh  networks. 


O  During  node  discovery,  each  edge  router  locates  other  VPLS-enabled  routers  on  the  network. 

©  During  service  discovery,  the  routers  exchange  service  IDs  that  teii  them  whicli  locations 
support  a  specific  service.  For  example,  the  router  at  location  A  will  know  it  needs  to  establish 
a  video  service  with  location  B  and  a  segmented  workgroup  with  location  C. 

©  In  the  final  phase,  the  routers  create  a  VPLS  mesh  network  that  connects  the  appropriate 
locations  with  the  right  services. 


■  BY  ODED  BERGMAN 

Virtual  Private  LAN  Service  is  an  emerg¬ 
ing  technology  that  lets  corporations  and 
carriers  segment  voice,  video  and  data  traf¬ 
fic  across  a  Multi-protocol  Label  Switching- 
based  backbone  network.  For  corpora¬ 
tions,  VPLS  allows  for  multi-point  VPNs  that 
provide  QoS  for  any  traffic  type.  And  carri¬ 
ers  can  use  VPLS  to  build  private  IP  seg¬ 
ments  for  a  corporation  across  a  common 
MPLS  backbone. 

However,  implementing  VPLS  requires 
creating  a  complex  matrix  of  services  and 
locations  in  the  edge  routers  at  each  site 
that  quickly  becomes  difficult  to  configure 
and  maintain.  To  address  this  complexity 
the  IETF  Layer  2  VPN  Working  Group  has 
proposed  a  standard  to  automate  the  setup 
and  maintenance  of  VPLS  mesh  networks. 
The  simplicity  of  the  as-yet-unnamed  VPLS 
auto-configuration  standard  has  the  poten¬ 
tial  to  fulfill  the  promise  of  VPLS  technol¬ 
ogy  as  the  key  enabler  of  enterprise-wide 
convergence. 

VPLS  is  implemented  in  edge  routers 
and  provides  Layer  2  bridge-like  services, 
which  lets  corporations  with  dispersed 
locations  work  in  a  switched  LAN  network 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr@nww.com). 


over  an  MPLS  backbone.  The  service’s 
multi-point  pseudo  wire  connections 
emulate  physical  connections.  This  is 
done  with  a  VPLS  service  ID  label  given  to 
each  service  that  defines  the  traffic  type 
and  QoS  parameters. 

In  the  example  shown  in  the  graphic,  a 
three-location  network  supports  a  video 
transport  service  between  locations  A  and 
B,VoIP  services  between  location  B  and  C, 
and  a  LAN  segment  for  a  large  workgroup 
between  A  and  C. 

To  implement  these  services,  network 
managers  create  a  VPLS  mesh  network  that 
includes  the  service  IDs  and  the  locations 
that  participate  in  these  services.  Network 
managers  at  each  location  must  manually 
enter  the  service  IDs  and  locations  of  each 
of  the  services  into  each  VPLS  edge  router. 

Scaling  the  network  or  deploying  it 
across  a  multi-vendor  network  increases 
the  risk  of  configuration  errors,  which 
could  shut  down  the  network,  because  all 
the  edge  routers  must  be  updated  with 
new  mesh  configurations  every  time  a  ser¬ 
vice  is  added,  dropped  or  changed.  The 
proposed  standard  is  designed  to  config¬ 
ure  the  topology  and  location  of  each  ser¬ 
vice.  The  service-location  matrix  is  estab¬ 
lished  automatically  through  a  node-dis¬ 
covery  process  in  which  each  router  adver¬ 
tises  its  VPLS-enabled  status  and  capabili¬ 
ties  to  all  other  routers.  Each  edge  router 
discovers  the  location  of  all  other  VPLS 
edge  routers.  The  edge  router  then  builds 
and  maintains  a  list  of  those  routers. 

Next  comes  the  service-discovery  phase, 
in  which  each  VPLS  router  communicates 
its  service  IDs  and  builds  a  table  of  the  ser¬ 
vice  IDs  of  the  relevant  routers  on  the  net¬ 
work.  These  routers  then  can  build  tunnels 


or  virtual  circuits  to  each  remote  router  to 
support  the  relevant  services. 

VPLS  auto  configuration  already  has 
been  implemented  in  products  from  many 
vendors,  but  the  VPN  Working  Group  still 
must  define  a  protocol  that  can  be  used  in 
multi-vendor  implementations. 

The  group  is  reviewing  several  proposals 
that  use  various  protocols  to  accomplish 
the  node-discovery  and  service-discovery 
processes.  It  is  considering  these  proposals 
but  has  not  determined  a  schedule  for  issu¬ 


ing  an  Internet  draft  or  RFC. 

VPLS  is  the  key  to  successful  support  of 
multi-point  transparent  VPNs  in  MPLS  net¬ 
works.  The  new  auto-configuration  stan¬ 
dard  will  spur  adoption  by  dramatically 
simplifying  the  process  of  building  and 
maintaining  VPLS  networks. 

Bergman  is  a  research  and  development 
project  leader  at  MRV  Communications. 
He  can  be  reached  at  obergman@ 
mrv.com. 


Dr.  Internet 


By  Steve  Blass 


Is  it  possible  to  copy  files  between  PCs  through  a 
Windows  remote  desktop  connection  without  using 
additional  software  or  having  a  Windows  network 
connection  between  the  two  systems? 


The  Windows  XP  Remote  Desktop  client  provides 
the  ability  to  copy  files  directly  between  systems 
through  the  remote  desktop  connection.  To  config¬ 
ure  the  connection  for  file  transfer,  open  Remote 
Desktop  Connection  from  the  Communications 
section  of  the  Accessories  part  of  your  Program 
menu  in  Windows  XP  and  click  the  Options  button. 


Click  on  the  Local  Resources  tab  in  the  Options 
dialog  that  opens  up.  In  the  lower  portion  of  the 
Local  Resources  dialog  you  will  see  the  Local  De¬ 
vices  section  with  check  boxes  for  disk  drives, 
printers  and  serial  ports.  Checking  the  disk  drives 
check  box  will  make  everything  on  all  your  local 
disk  drives  visible  to  the  remote  desktop  connec¬ 
tion,  and  you  can  copy  and  paste  files  between  the 
two  computer  systems.  Checking  the  printers 
check  box  will  let  you  add  local  printers  to  the  re¬ 
mote  server  during  your  remote  desktop  connec¬ 
tion.  If  the  server  doesn't  automatically  recognize 


your  printer,  you  can  add  the  printer  to  the  server 
manually  as  a  local  printer  on  a  new  TCP/IP  port 
configured  to  match  your  client  computer  IP  ad¬ 
dress.  If  your  IP  address  is  the  printer,  connection 
will  be  made  automatically  on  subsequent  logons.  I 
still  use  Secure  Shell  (www.nwfusion.com,  Doc- 
Finder:  3732)  for  file  transfer  with  remote  desktop 
connections,  but  I  do  like  the  printer  redirection. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.intemet@change 
atwork.com. 
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Technology  Update 


GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


Our  good  friends  down  the  road  got 
DSL  a  few  years  ago  so  we  installed  it 
for  them  and  recently  they  decided 
to  upgrade  to  the  2Wire  HomePortal 
lOOOHWan  asymmetric  DSL  modem  with 
built-in  802.1  lb  support. 

So  given  that  the  ADSL  circuit  had 
already  been  set  up  (the  account  had 
been  enabled  with  a  PPP  over  Ethernet 
name  and  password  defined,  and  the  ser¬ 
vice  had  been  running)  how  could  this  not 
be  easy?  One  word:  SBC. 

According  to  the  outsourced  tech  named 
Bob  (whose  lousy  training,  unctuousness 
and  lack  of  understanding  of  his  job  will 
probably  wind  up  in  a  future  BackSpin  col¬ 
umn),  the  problem  was  caused  by  a  mal¬ 
functioning  registration  server.  Three  days 
later,  according  to  other  outsourced  techs 
with  nice,  familiar  names  like  Mary  and  Joe 
(but  who  all  sounded  distinctly  foreign) 
there  was  still  a  problem  with  the  authenti¬ 
cation  server.  Now  we  got  suspicious. 

The  next  time  we  called  we  demanded 


Dicing  with  DSL 

second-level  support  (who  are  real  support 
people  and  not,  as  far  as  we  know,  out¬ 
sourced)  and  spoke  to  Eric  (not  his  real 
name),  who  was  delightfully  frank  with  us 
about  the  outsourced  techs  —  “they  suck” 
was  his  considered  judgment.  He  said  the 
problem  had  nothing  to  do  with  the  faulty 
registration  server  but  with  the  authentica¬ 
tion  server,  and  after  resetting  the  password 
everything  worked.  It  was  a  near  miracle. 

We  suspect  somewhere  is  the  labyrin¬ 
thine  SBC  Yahoo  DSL  installation,  some¬ 
thing  to  do  with  the  PPPoE  account  setup 
got  reset  and  stopped  us  from  logging  on. 

So  with  the  DSL  service  up  and  running 
and  one  PC  connected  by  USB,  we  tried  to 
connect  via  wireless  a  Macintosh  Power- 
Book  G4  running  OS  X  10.3.  This  was 
another  complex  and  tedious  exploration 
into  the  nether  regions  of  the  deranged 
ideas  vendors  have  about  networks. 

The  first  problem  was  not  being  able  to 
enter  what  Apple  calls  the  “password”  — 
what  everyone  else  calls  a  “WEP  key”  — 
because  OS  X  kept  telling  us  we  couldn’t 
get  authorized. 

The  default  WEP  key  is  printed  on  a  label 
on  the  underside  of  the  2Wire  device  —  it 
is  just  a  sequence  of  digits. 

It  turns  out  that  to  enter  the  WEP  key  in 
the  OS  X  10.3  configuration  utility  you 


www.nwfusion.com  | 


need  to  enter  the  key  on  the  label  pre¬ 
ceded  by  a  “$”  so  that  OS  X  knows  it  is  a 
hexadecimal  value. 

Had  SBC  included  the  2Wire  manual  in 
the  box  the  company  shipped  to  my 
friends  or  even  included  the  instructions  in 
the  hideous  installation  software,  life  would 
have  been  simpler.  But  no,  we  had  to  waste 
20  minutes  assuming  we  were  doing  some¬ 
thing  wrong  then  realize  we  weren’t  and 
had  to  go  searching  for  an  answer  online. 

So  now  we  had  a  working  connection, 
but  wait:  No  IP  connectivity  We  checked  to 
see  if  the  G4  was  using  DHCP  and  made  it 
renew  its  lease,  but  rather  than  picking  up 
an  assigned  address  from  our  access  point 
the  G4  kept  producing  some  odd  address 
in  a  totally  different  Class  B  network. 

We  tried  requesting  a  new  lease  multiple 
times  and  discovered  an  interesting 
effect:  If  you  renew  the  DHCP  lease  sever¬ 
al  times  in  quick  succession  the  G4  often 
will  respond  with  a  warning  it  has  detect¬ 
ed  “ping  flooding"  with  the  DHCP  server  as 
the  culprit. 

Ping  flooding,  you  will  recall,  is  a  denial- 
of-service  attack  that  involves  sending  a 
large  number  of  Internet  Control  Message 
Protocol  echo  requests  to  a  target 
machine.The  intention  is  to  keep  the  target 
so  busy  dealing  with  low-level  connection 


requests  that  its  ability  to  communicate  is 
partially  or  completely  inhibited. 

We  suspect  this  problem  could  be 
caused  by  the  G4  observing  a  tooshort 
timeout  when  waiting  for  the  DHCP  server 
to  respond.  When  the  DHCP  server  does 
respond,  the  G4  is  no  longer  listening  for 
DHCP  responses  and  assumes  that  all  the 
incoming  DHCP  lease  data  is  a  ping  flood. 

Anyway  we  couldn’t  assign  a  static  IP 
address  to  the  G4  because  apparently  the 
2Wire  doesn’t  support  such  a  thing  over 
wireless.  After  futzing  around  for  another 
40  minutes  and  getting  essentially  no  fur¬ 
ther,  we  started  another  online  search  to 
see  if  the  truth  is  out  there. 

Curiously,  there  seems  to  be  a  significant 
amount  of  commentary  about  the  DHCP 
problem  with  OS  X,  but  people  often 
appear  to  get  sidetracked  by  assuming  it  is 
caused  by  factors  other  than  simply  not 
picking  up  the  assigned  DHCP  lease. 

There  was  a  happy  ending  to  this  saga, 
albeit  one  involving  an  ugly  solution.  We 
restarted  the  G4  and  it  just  picked  the 
DHCP  lease.  Perhaps  the  start-up  DHCP 
response  timeout  is  longer  than  the  time¬ 
out  used  by  utilities. 

If  you  have  any  clues  about  this,  please  let 
us  know  at  gearhead@gibbs.com. 


Quick  takes 
on  high-tech  toys 


hile  I  did  not  attend  this  year’s  Demomobile  show 
in  La  Jolla,  Calif.,  I  was  able  to  get  a  sneak  peek  at 
some  of  the  cooler  products.  Here’s  a  closer  look. 


Not  just  a  networked  media  player 

ViewSonic,  known  mostly  for  its  computer  monitor, 
LCD  TV  and  plasma  display  business,  is  getting  into  the 
wireless  network  and  networked  media  gateway  market. 
The  ViewSonic  WMG  80  (and  WMG  120)  Wireless  Media 
Gateway  combines  a  network-attached  storage  device 
with  a  wireless  LAN  router. The  Wireless  Media  Gateway, 
used  with  the  WMA  100  Wireless  Media  Adapter,  can 
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Some  really  cool  stuff  at  Demomobile 
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store  a  user’s  digital  media  content 
(music,  photos  and  videos),  and 
then  stream  it  (over  wireless  or 
through  Ethernet)  to  the  WMA 
100,  connected  to  a  TV  or  stereo 
(or  both).  While  networked  media 
players  are  nothing  new,  ViewSonic  has 
has  added  a  networked  hard  drive  (80G  bytes  for 
the  WMG  80, 120G  bytes  for  the  WMG  120). The  gateway 
can  stream  content  simultaneously,  meaning  a  user  can 
stream  music  and  videos  to  two  different  adapters  at  the 
same  time.  The  device  also  can  stream  Internet  radio 
stations. 

The  gateway  and  adapter  include  802.1  lg  wireless  LAN 
connectivity,  have  built-in  QoS  features  (802. lie  support 
through  firmware  upgrade)  and  a  host  of  security  features. 
ViewSonic  will  sell  the  WMG  80  and  WMA  100  as  a  bun¬ 
dled  package  for  $700;  the  WMG  120  and  WMA  100  bundle 
for  $800.  For  users  who  already  have  wireless  networks  and 
want  to  use  their  PCs  for  content  storage,  the  WMA  100  will 
cost  $300.  ViewSonic  expects  to  ship  the  devices  next 
month. 


Wi-Fi  to  go 

For  road  warriors  who  get  accustomed 
to  high-speed  Internet  connections  in 
hotel  rooms,  entering  a  room  with  only 
dial-up  might  come  as  a  shock.  But  with 
the  WiFlyer  device  from  AlwaysOn 
Wireless,  at  least  the  road  warriors  can 

ViewSonic's  Wireless  Media  Gateways,  used 
with  the  company's  wireless  adapter,  can 
store  digital  content  and  stream  it  to  a  TV. 
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The  WiFlyer  will  let  you  use  a  Wi-Fi  connection 
from  your  laptop  to  the  Internet  via  dial-up. 


use  a  Wi-Fi  connection  from 
their  laptops  to  the  dial-up 
Internet  connection. 

Rudy  Prince,  CEO  of  AlwaysOn 
Wireless,  says  as  long  as  the  people 
sharing  an  Internet  connection  aren’t 
running  bandwidth-intensive  applica¬ 
tions,  dial-up  can  support  two  or  three  com¬ 
puters  without  many  problems. 

In  locations  with  a  high-speed  connection,  the  WiFlyer 
becomes  a  wireless  access  point.  An  extra  WAN  port  is 
available,  so  travelers  can  bring  along  their  VoIP  boxes 
and  create  a  traveling  office  with  phone  and  data  service 
available  through  the  same  link. 

The  WiFlyer  will  cost  about  $150,  and  will  be  sold 
through  online  retailer  SkyMall  and  at  www.wiflyer.com. 

Headset  heaven 

Anyone  who  has  made  a  cell  phone  call  on  a  busy  city 
street  will  appreciate  the  Jawbone  headset  from  Aliph. 
The  company  uses  acoustic  technology  that  virtually 
eliminates  background  noise. The  headset  also  improves 
the  sound  quality  of  the  incoming  call,  whereas  most 
headsets  degrade  sound  quality. 

The  Jawbone  headset  includes  a  sensor  that  not  only 
detects  when  you  are  speaking  but  also  can  detect  the 
type  of  background  noise  present  and  eliminate  it  from 
the  call. 

The  Jawbone  costs  $150.  Go  to  www.jawbone.com  for 
more  information. 

Shaw  can  be  reached  at  kshaw@nww.com. 


They  multifunction,  multitask  and  multi-simplify. 


HP  multifunctional  products  can  make  you  more  productive— our  free  MFP  strategy  guide  shows  you  how.  Each  of  these  workhorses  can  do  the  job  of  three 
machines— printer,  copier,  scanner— in  one.  Some  fax  too.  Using  HP's  Digital  Sending  Software  (optional  on  the  HP  LaserJet  9055mfp  and  HP  LaserJet 
9065mfp),  you  can  scan  and  send  directly  to  e-mail  or  network  folders,  depending  on  the  model.  Choose  from  a  wide  range  of  devices  to  find  the  one 
that  fits  your  organization,  whether  you're  a  small  office  or  large  department.  By  actively  managing  your  overall  fleet,  you  could  save  up  to  30%  on  overall 
operating  costs  as  well  as  save  time  on  maintenance  and  supplies  management.  With  our  MFPs,  you  get  more  than  a  printer  or  copier.  And  with  HP  and  our 
authorized  dealers,  you  get  more  than  hardware — you  get  service,  support  and  expert  advice.  How's  that  for  multifunctional? 


HP  LASERJET 
4100mfp/4101mfp 


HP  LASERJET 
9000mfp/9000Lmfp 


HP  LASERJET 

9055mfp/9065mfp 


Fully  integrated  printing  and  copying 
solution  for  small  workgroups 


•  Up  to  25  ppm  print/copy  speed  (black) 

•  Print,  copy,  color  scan,  digital  send  and  fax 
(optional  with  4100) 

•  1,600  sheet  maximum  input  capacity 


High-performance,  versatile  printing  and 

copying  for  large  workgroups 

•  Up  to  50  ppm/40  ppm  print/copy  speed 
(black) 

•  Print,  copy,  color  scan,  digital  send  and 
optional  faxing 

•  Up  to  11 "  x  17"  media  capable,  optional 
finishing  includes  multi-position  stapling  and 
saddle-stitch  booklet  production 

Mail-in  rebates  available  on  these 
two  models.* * 

Rebates  not  available  in  the  state  of  Connecticut. 


High-volume,  high-performance  copying 

and  printing  for  large  departments 

•  Up  to  55  ppm/65  ppm  print/copy  speed 
(black) 

•  Copy,  print,  scan,  standard  duplex  and 
optional  digital  send 

•  Optional  4,000-sheet  input  tray,  three-hole 
punch  and  cover  inserter 

•  Up  to  12"  x  18"  media  capable 

FREE  Digital  Sending  Software 
(HP  DSS  3.0  Workflow) 


invent 


•Rebate  offers  good  on  HP  9000mfp/HP  9000Lmfp  purchases  made  between  5/1/04  and  10/31/04.  Rebates  are  subject  to  change;  check  the  HP  Web  site  at  www.hp.com/go/hotdeals  for  most  current  rebate  offers  and/or  additional  rebate  offers.  ©2004  Hewlett-Packard  Development  Company  l.P. 
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ON  TECHNOLOGY 

John  Dix 


Stirring  up 
the  IT  pot 


Summer  is  a  good  time  to  slap  IT  folks  around  with 
profound  statements,  like  Nicholas  Carr  did  last 
year  with  his  Harvard  Business  Review  story  “IT 
doesn't  matter.” While  not  quite  as  stirring,  Bain  &  Co.  cre¬ 
ated  a  ripple  with  a  recent  survey  that  showed  60%  of 
senior  executives  view  IT  as  “inhibiting  growth  in  key 
areas.” 

But  that’s  looking  at  the  glass  half-empty. The  survey  — 
“Is  IT  a  bottleneck  to  growth?” —  found  that  70%  of 
senior  executives  agree  that  “IT  is  highly  relevant  to 
enabling  their  companies  to  grow.”  (The  survey  was  of 
359  companies,  and  the  majority  of  respondents  are 
said  to  have  C-level  finance,  IT  or  general  management 
positions.) 

The  bad  news  creeps  in  when  the  question  gets  specific 
about  IT  helping  or  hindering  growth  in  key  areas.  Bain 
says  that  while  views  of  IT  are  favorable  when  the  ques¬ 
tion  is  about  core  business  growth  initiatives  —  retaining 
customers,  growing  current  customers  or  acquiring  new 
customers  in  the  same  market  —  they  are  less  favorable 
in  what  Bain  calls  growth  adjacencies. 

Listed  in  order  of  increasing  distance  from  the  core, 
these  adjacencies  include:  new  products  or  services;  new 
types  of  customers;  new  channels;  new  geographies;  and 
new  steps  in  the  value  chain. 

Of  the  respondents  who  viewed  IT  as  an  inhibitor 
for  growth  in  these  areas,  Bain  says  more  than  half  of 
the  respondents  said  “lack  of  information  or  transac¬ 
tion  capabilities  were  causes  for  the  bottlenecks  to 
growth.” 

Not  surprisingly,  Bain  found  that  respondents  who 
worked  for  companies  that  spend  more  on  IT  tended  to 
view  IT  as  a  significant  growth-enabler,  while  those  who 
were  less  optimistic  tended  to  spend  less. The  positive 
bunch  spends  7.4%  of  revenue  on  IT  on  average,  while 
the  pessimistic  spend  4.7%. 

Among  those  who  view  IT  as  a  bottleneck,  Bain  attrib¬ 
utes  the  perception  to  four  factors:  the  age-old  lack  of 
alignment  of  IT  with  business  needs;  under-exploited 
systems  that  didn’t  deliver  promised  capabilities;  lack  of 
IT  or  vendor  skills;  and  complex  legacy  systems  that 
aren’t  flexible  enough  for  current  demands. 

While  the  survey  seems  to  have  turned  up  some  inter¬ 
esting  numbers  and  perceptions,  it  doesn’t  merit  the 
inflammatory  headline.  Bain  unfortunately  chose  to 
play  up  the  glass-half-empty  view  of  the  results,  touting 
the  fact  that  IT  isn’t  as  effective  at  helping  companies 
capitalize  on  the  stuff  they  know  least  about. 

Surprise,  surprise. 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 
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opinions! 


I  fought  the  law 

Regarding  Mark  Gibbs’  BackSpin  column  “Leashing 
the  dogs  of  law”  (www.nwfusion.com,  DocFinder: 
3723):  In  the  end,  it  comes  down  to  the  fact  that  we 
all  want  our  money  without  responsibil¬ 
ity  Concerning  money:  Can  we  make  it?  Can  we  pro¬ 
tect  it?  Can  we  keep  competing  organizations  from 
getting  any  of  it?  Of  course,  every  company  would 
like  to  be  able  to  answer  yes  to  those  questions.That’s 
how  we  get  organizations  such  as  the  Motion  Picture 
Association  of  America  (MPAA),  Microsoft,  SCO  and 
any  number  of  other  overly  aggressive  companies  in 
the  first  place.  And  when  the  MPAA,  Microsoft,  SCO 
and  other  companies  find  they  cannot  prevent  com¬ 
peting  organizations  from  getting  a  little  piece  of  the 
pie,  they  use  a  small  portion  of  their  vast  resources  to 
crush  the  competition.  (And  they  also  allocate  a  few 
more  resources  to  political  solutions  and  obscure 
patents.) 

As  stockholders,  we  tend  to  overlook  any  behavior 
that  doesn’t  result  in  higher  earnings.  And  to  be  fair, 
we  don’t  always  know  exactly  what  decisions  are 
handed  down  from  the  boardrooms  and  executive 
offices.We  have  to  depend  on  the  lawyers  and  board 
members  to  act  responsibly  and  ethically 

Will  the  same  thing  that  happened  to  321  Studios 
and  several  Microsoft  competitors  happen  to  small, 
innovative  Linux  shops?  Possibly  Or  maybe  not. That’s 
why  we  have  trade  and  patent  laws  —  and  trade  and 
patent  attorneys.  And  it  makes  my  stomach  churn. 

H.  Stewart 
Portsmouth,  Ohio 

Copyright  law  has  become  the  problem,  not  the 
answer.Let’s  try  a  radical  solution: start  limiting  copy¬ 
right  to  10  years  from  the  date  of  the  first  sale.  This 
would  force  the  manufacturers  to  innovate  and  ere 
ate  in  order  to  maintain  their  market.  This  sounds 
radical,  but  it’s  worth  thinking  about  how  this  would 
change  the  world  —  and  after  all,  the  original  U.S. 


E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for  verification. 


copyright  period  was  set  at  14  years  in  the  1700s,  so 
why  does  it  have  to  be  so  long  now? 

My  policy  is  not  to  copyright  anything  my  compa¬ 
ny  makes.  I  believe  we  can  innovate  faster  than  we 
can  copyright,  and  that  owning  a  copyright  would 
simply  have  meant  that  we’d  have  sat  on  our  duffs 
and  not  bothered  to  improve  our  products. 

Edmund  Cramp 
President 
Motion  Lab  Systems 
Baton  Rouge,  La. 

I  agree  with  the  points  Mark  Gibbs  raises  in 
“Leashing  the  dogs  of  law!’ However,  somehow  I  still 
manage  to  be  skeptical.  I  believe  the  majority  of  the 
people  in  the  U.S.  and  other  countries  are  decent 
and  have  strong  morals.  I  have  always  hoped  that  the 
Internet  would  provide  the  means  for  the  “ordinary 
folk”  to  gain  a  collective  voice  by  which  they  could 
make  themselves  heard.  This  has  not  really  hap¬ 
pened  to  my  knowledge.  There  have  been  a  few 
examples  of  an  electronic  collective  voice,  such  as 
the  Howard  Dean  campaign,  but  I  am  unaware  of 
other  serious  collaborations.Then  there  are  the  bad 
examples  —  in  Milwaukee,  a  local  church  benefit 
was  disrupted  by  a  large  number  of  teenagers  who 
seemed  to  work  as  an  organized  group. The  belief  is 
that  they  organized  via  Internet  chat  groups. 

Gibbs’  column  encourages  individuals  to  “stand  up 
and  be  counted.”  People  have  always  had  the  ability 
to  write  letters  and  use  their  phone  to  voice  their 
opinions.  I  don’t  see  any  reason  to  think  there  will  be 
an  increase  in  exercising  this  right.  I  hope  that  the 
Internet  can  let  larger  groups  of  like-minded  individ¬ 
uals  find  one  another  and  speak  with  one  voice. 

Jim  Schumacher 
Hartland,Wis. 


■  Members  of  the  medical  IT  community 
are  in  an  uproar  about  the  lack  of  control 
they  have  over  patching.  Read  their 
thoughts.  PAGE  42 
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BOTTOM  LINE 

Joel  Snyder 

From  a  security  viewpoint, VoIP  is  a  night¬ 
mare,  combining  the  worst  vulnerabili¬ 
ties  of  IP  networks  and  voice  networks. 
But  VoIPs  security  challenges  can  be  solved. 

All  it  takes  is  a  plan. 

Step  1:  Divide  and  conquer.  There  are  three  main  threats  to  VoIP 
security:  authentication  failures,  integrity  failures  and  privacy  fail¬ 
ures.  Consider  all  three  at  each  layer  of  your  VoIP  implementation. 

Step  2:  Start  with  the  physical  layer.  Ensure  the  integrity  of  your 
building  LAN.  Is  it  easy  for  someone  to  hack  in  and  launch  a  denial- 
of-service  attack?  Do  you  want  to  run  VoIP  over  a  separately  engi¬ 
neered  and  secured  network?  Most  VoIP  devices  don’t  support  the 
802.  IX  authentication  standard,  but  you  might  be  able  to  do  media 
access  control-based  security  —  even  if  it  looks  like  a  pain  to  man¬ 
age.  If  you  want  to  use  802.1 1  for  VoIP  access,  ask  your  wireless  ven¬ 
dor  about  QoS  and  roaming  requirements. 

Step  3:  Move  to  the  IP  layer.  Services  such  as  Dynamic  Host 
Configuration  Protocol  and  DNS  can  be  critical  to  your  VoIP  net¬ 
work.  Have  you  planned  for  their  reliability  and  security?  If  users  will 
access  your  VoIP  network  via  the  Internet,  a  VPN  tunnel  is  required. 
IPSec  and  Secure  Sockets  Layer  VPN  vendors  are  adding  VoIP  sup¬ 
port  to  their  products. 

Somewhere  between  Steps  2,3  and  4, you  have  to  deal  with  eaves¬ 
droppers.  Most  VoIP  in  the  corporate  LAN  won’t  be  encrypted,  which 
means  someone  potentially  can  tap  every  single  phone  call,  simul¬ 
taneously  in  your  network.  Determine  where  taps  could  be  installed 
and  secure  those  pieces  of  your  infrastructure,  or  install  your  own  for 


A  VoIP  security  plan  of  attack 


regulatory  reasons.  Hint:  Look  at  where  you  plugged  in  your  intru¬ 
sion-detection  system. 

Step  4:  The  session  layer  is  all  about  authentication.  Somewhere 
you  have  to  get  those  phones  registered  on  the  VoIP  network.  Test 
deployments  often  turn  off  authentication,  but  don’t  be  tempted. 

Step  5:  The  application  layer  is  the  hard  part.  Most  of  your  VoIP  net¬ 
work  is  going  to  run  on  phones,  which  have  limited  hardening  and 
poor  security  Plan  for  their  failure  and  the  need  to  upgrade  many  of 
them  very  quickly. 

The  VoIP  servers  all  will  run  a  general-purpose  operating  system, 
Windows  or  Unix.  You’ll  forever  have  tension  between  the  VoIP 
application  vendor,  which  doesn’t  want  you  to  touch  its  carefully 
tuned  systems,  and  the  operating  system  vendor,  which  will  release 
periodic  patches.  If  you  have  dreams  of  unprotected  VoIP  connec¬ 
tions  over  the  Internet,  you’ll  not  only  open  yourself  to  huge  risks 
but  also  put  yourself  on  an  upgrade  treadmill  with  your  firewall 
vendor  as  it  tries  to  get  its  VoIP  code  right.  Consider  carefully 
whether  the  potential  for  failure  is  worth  the  benefits  —  and  be 
sure  to  tighten  down  whatever  firewall  you  do  have  to  the  smallest 
target  you  can. 

There’s  a  lot  to  consider  in  VoIP  security  Some  VoIP  in  every  corpo¬ 
ration  is  inevitable,  so  get  cracking  now  and  figure  out  how  you’re 
going  to  secure  it. 


VoIP’s  security 
challenges  can 
be  solved.  All  it 
takes  is  a  plan. 


Snyder,  a  Network  World  Test  Alliance  partner,  is  a  senior  partner  at 
Opus  One  in  Tucson,  Ariz.  He  can  be  reached  at  joel. snyder 
@opusl  .com. 


CACHE  ADVANCE 

Linda  Musthaler 

Attention  friends  and  acquaintances: 
Please  stop  sending  me  invitations  to 
join  your  electronic  social  networks.  I 
know  Plaxo,  Friendster,  Tickle  and  other  net¬ 
working  tools  help  you  remember  my  address 
and  phone  number,  but  I’d  prefer  you  hand- 
write  them  in  your  little  black  book. At  least  the 
data  will  belong  to  you  alone  and  won’t  be  shared  with  the  world. 

It  seems  not  a  week  passes  that  I  don’t  get  an  invitation  to  join  one  of 
these  social  networks.  So,  being  the  skeptic  that  I  am,  I  did  a  bit  of 
research  about  them.  What  I  found  scared  the  heck  out  of  me,  and  it’s 
enough  to  give  a  corporate  privacy  officer  heart  palpitations. 

Let’s  use  Plaxo,  a  contact  management  application,  as  an  example  of 
an  application  that  can  run  amok  in  the  corporate  environment.  It 
might  be  fine  for  home  use,  but  keep  it  out  of  the  enterprise. 

According  to  Plaxo’s  Web  site, “Plaxo  2.0  plugs  directly  in  to  Outlook 
or  Outlook  Express.Your  existing  contacts,  calendar,  tasks  and  notes  will 
be  quickly  backed  up  to  the  Plaxo  Network  and  up-to-date  —  with  no 
extra  steps  required!  Not  only  will  you  have  a  secure  backup  of  your 
vital  information, you  can  access  it  from  anywhere  using  Plaxo  Online.” 
(For  more  on  Plaxo,  go  to  www.nwfusion.com,  DocFinder:  3722.) 

In  my  book,  this  isn’t  backing  up  my  contact  information;  it’s  stealing. 
All  the  names  and  private  information  in  my  Outlook  contacts  list  can 
get  sucked  into  this  online  service.  I’d  have  no  clue  where  that  private 
data  is  going  or  who  has  access  to  it.  What’s  more,  the  people  whose 
information  has  just  been  transferred  have  not  given  their  consent  to 
expose  their  personal  data.  My  company  like  most,  considers  this  a 
major  breach  of  our  data  privacy  policy. 

Of  course,  this  theft  of  private  data  is  only  going  to  occur  if  you  install 
the  Plaxo  client  and  use  Plaxo  to  maintain  your  social  network.  What’s 
the  harm  in  simply  responding  to  a  friend’s  request  to  enter  your  per¬ 
sonal  information  into  his  Plaxo  network?  Well,  duh,  then  all  your  pri¬ 
vate  information  goes  off  to  the  server  in  La-La  Land,  and  there’s  no 


Leave  social  networks  at  home 


telling  what  happens  to  it  from  there. And  it  gets  worse.  I  assume  that  at 
least  a  few  people  have  my  name  in  their  Outlook  contacts  list.  If  those 
people  install  Plaxo  at  work,  then  my  private  data  gets  sucked  into  the 
Plaxo  black  hole,  whether  or  not  1  agree  to  it. 

In  fairness  to  Plaxo,  it  does  have  a  privacy  policy  under  which  it 
agrees  to  protect  privacy  rights.  But  the  company  is  mostly  concerned 
about  its  members’  privacy  not  that  of  its  members’  contacts. 

There  are  many  other  social  network  applications.Some  are  business- 
oriented,  while  others  are  better  suited  for  friends.  Regardless  of  the 
application,  they  all  collect  and  store  private  information  about  you 
and  your  contacts.  I  strongly  encourage  all  users  of  these  networks  to 
read  every  word  of  the  privacy  policy  before  joining  or  submitting  infor¬ 
mation  and  to  run  away  from  the  network  if  anything  in  the  policy 
makes  you  nervous. 

As  a  network  executive  concerned  with  privacy  and  data  protection, 
you  should  discourage  your  co-workers  and  colleagues  from  using  the 
applications  at  work  and  from  submitting  information  to  these  public 
networks.  At  the  very  least, your  organization  should  prohibit  entering 
any  company-owned  information  into  a  social  network.  This  includes 
company  e-mail  addresses  and  phone  numbers.  If  Sally  in  Accounting 
wants  to  enter  her  Yahoo  e-mail  address  and  home  phone  number, 
that’s  her  business,  but  she  should  not  use  her  corporate  e-mail  address 
and  phone  number.  And  she  should  do  it  from  home,  not  the  office. 

I’m  not  suggesting  that  these  social  networks  intend  to  misuse  private 
information,  but  we  IT-sawy  people  know  that  accidents  and  abuse  can 
happen. 

Data  privacy  is  nothing  to  take  lightly  While  these  networks  might 
have  good  intentions,  these  services  should  not  be  trusted  in  the  enter¬ 
prise  environment  unless  your  company  enters  into  a  specific,  legally 
binding  contract  that  adheres  to  your  corporate  privacy  policy 


I  strongly  encour¬ 
age  all  users  of 
these  networks 
to  read  every 
word  of  the  pri¬ 
vacy  policy . . . 


Musthaler  is  vice  president  of  Currid  &  Company,  a  technology  assess¬ 
ment  firm  in  Houston.  She  can  be  reached  at  linda@currid.com. 


www,  nwfusion.com 


9/13/04 


Opinions 


The  medical 
upgrade  mess 

Mark  Oihfe s’  BackSpin 
columns  “Oheap  and  now 
meets  medical  gear  and 
viruses”  www.nwfusion. 
com,  DocFinder:  3724) 
and  "Market  factors  meet 
medical  gear,  upgrades” 
(DocFinder:  3725)  struck 
a  nerve  with  readers. 
Here's  what  some  of  you 
had  to  say  about  this  hot 
topic. 


I  agree  that  medical  equipment  manufacturers  are 
often  caught  between  a  rock  and  a  hard  place.  They 
have  little  or  no  control  over  how  their  products  are 
deployed  but  are  held  responsible  when  their  gear  picks 
up  a  virus  or  other  problem  that  can  be  traced  to  net¬ 
working.  They  need  to  upgrade  equipment,  but  Microsoft 
and  other  vendors  issue  patches  and  additional  func¬ 
tionality  faster  than  the  manufacturers  can  do  exhaustive 
testing.  Now  the  federal  government  is  looking  to  crack 
down  on  them  in  a  very  arbitrary  fashion.  I  certainly  don’t 
have  all  the  answers,  but  I  do  agree  that  the  market 
should  help  drive  the  changes  to  be  made.  Of  course, 


7  compatible.  That  turned  out  to  be  the 
problem.  We  managed  to  find  a  new  color 
DeskJet  printer  that  was  PS-3  compatible. 
Do  you  know  how  hard  it  is  to  find  a  new 
printer  with  old  PostScript  compatibility? 

I  didn’t  purchase  cheap  medical  equip¬ 
ment.  I  chastised  the  company  from  the  get- 
go  about  their  choice  of  operating  system 
for  the  equipment.This  piece  of  equipment 
is  state  of  the  art  and  I  cannot  replace  it 
with  anything  better.  I’ve  put  all  the  pres¬ 
sure  on  the  vendor  that  I  can,  but  I’m  help¬ 
less  in  the  matter. 

Gibbs’  logic  is  untenable  in  many  cases  of 
health  equipment  and  healthcare  facilities 
being  held  hostage  by  the  vendors.  That’s 
the  way  it  is,  and  frequently  a  medical  per¬ 
son  does  not  have  the  luxury  of  stiffing  one 
company  just  to  purchase  from  another  — 
we  do  the  best  with  what  we  have.  This 
issue  isn’t  as  simple  as  it  may  seem,  nor  is  it 
easily  solvable. 

Eugene  Worth 
Columbia,  Mo. 


Economics  is  not  responsible  for  the 
medical  device  upgrade  mess.  The  real 
problem  is  the  trial  lawyers  waiting  for  a 
chance  to  make  a  quick  buck.  In  principle 
the  disruptions  upgrading  creates  in  med¬ 
ical  environments  are  no  different  from 
those  in  other  situations.  Such  disruptions 
are  not  even  specific  to  computers.  When 
leaded  gasoline  disap¬ 
peared,  millions  of  small 
farm  machines  were  unable 
to  run.  When  sulfur  was 
removed  from  diesel  fuel, 
thousands  of  diesel  injection 
pumps  failed,  dumping 
diesel  fuel  into  the  environ¬ 
ment.  When  my  daughter’s 
cell  phone  recently  broke, 
she  was  told  it  was  no  longer 
repairable  and  would  need 
to  be  replaced  with  a  new 
GSM  phone  —  and  all  other 
phones  on  the  account 
would  have  to  be  changed  to 
GSM  at  the  same  time. 

The  difference  with  com¬ 
puters  is  that  small  gasoline  engines  run  for 
up  to  20  years  without  compatibility  prob¬ 
lems;  diesel  engines  might  last  even  longer; 
a  cell  phone  lasts  up  to  four  years  without 
incompatibility;  but  Windows  requires 
upgrading  almost  weekly  to  fix  serious 
problems. 

Les  Denham 
Houston 

Isolation  of  medical  equipment  is  a  Holy 
Grail  in  many  organizations  because  doc¬ 
tors  and  technicians  want  to  process  stud¬ 
ies  from  their  desks.lt  only  takes  seconds  to 
unleash  a  worm,  and  that  can  be  easily 
introduced  in  any  network,  isolated  or  not. 

1  don’t  understand  why  hospitals  should 
be  expected  to  foot  the  bill  to  isolate  sys- 


God  forbid  that  the  manufacturers  get  together  and 
develop  some  standards  for  how  their  equipment  is 
deployed.  I  can  just  hear  the  anti-market  ambulance 
chasers  —  oops,  lawyers  —  slamming  on  their  brakes 
and  doing  a  180  to  beat  a  path  to  their  local  courthouse 
and  file  anti-trust  suits  for  collusion. 

Brent  Stover 
Austin,  Texas 


terns,  do  their  own  testing  or 
purchasing  safer  equipment. 
The  vendors  have  no  prob¬ 
lem  charging  $25,000  for  the 
exact  same  plasma  screen 
that  can  be  purchased  any¬ 
where  else  at  half  the  price, 
just  because  someone  put  a 
seal  in  it  indicating  medical 
use.  (There  are  literally  no 
modifications  to  the  screens; 
they  just  pass  the  tests.) 

These  vendors  charge  hun¬ 
dreds  of  thousands  of  dollars  for  medical 
equipment  and  maintenance  fees.  And  you 
are  telling  me  they  can’t  test  these  in  a  time¬ 
ly  manner?  Very  rarely  do  these  vendors 
ever  test  patches,  yet  they  choose  the  oper¬ 
ating  system  to  run  their  equipment.  They 
should  understand  the  repercussions  of 
their  choices  and  expect  to  help  out  some. 

Mark  Gingell 
Norfolk, Va. 

Late  last  year  my  organization  purchased 
a  $32,000  piece  of  medical  equipment  that 
measures  oxygen  levels  at  the  skin  surface. 
It  was  the  only  one  on  the  market  that  met 
our  needs  at  a  reasonable  price.  One  of  the 
necessary  outputs  from  this  machine  is  a 
color  graph  of  the  data  points  that  are  cap¬ 


tured  during  the  hour-long  test.  The  manu¬ 
facturer  used  Windows  CE  as  the  operating 
system,  and  the  device  is  locked  down  so 
that  the  user  can’t  change  it. 

I’ve  been  round  and  round  with  the  man¬ 
ufacturer  that  there  is  an  RJ45  network 
port  on  the  back  of  the  machine  that  would 
let  me  access  the  data  from  the  machine  as 
though  it  were  another  hard  drive  on  my 
clinic  computer.  No  go.  In  fact, the  company 
said  that  any  changes  in  the  operating  sys¬ 
tem  of  this  device  would  require  them  to 
go  before  the  FDA  for  approval. 

Here’s  the  problem.  The  company  said 
that  any  PS-compatible  printer  would  work 
on  the  device.  Our  old  HP  990cse  bit  the 
dust,  so  we  bought  a  new,  PS-compatible 
HP  2300  color  printer.  As  soon  as  I  hooked 
it  up  to  the  medical  device,  the  top  half  of 
the  graph  printed,  then  it  bailed  with  unin¬ 
telligible  gibberish.The  vendor  claimed  the 
problem  was  with  the  printer.  HP  claimed 
the  problem  was  with  the  medical  device.  I 
spent  the  better  part  of  an  afternoon  doing 
my  own  troubleshooting  and  eventually 
found  that  the  old  HP  printer  was  PS-3  com¬ 
patible  while  the  new  one  was  PS-5  and  PS- 


The  reason  medical  device  companies 
use  off-the-shelf  operating  systems  is  sim¬ 
ple:  reduced  cost  for  both  the  operating 
system  itself,  as  well  as  reduced  labor  cost 
of  coders  who  can  write  applications  in 
the  operating  system.  What  is  unseen  by 
the  “Use  a  dedicated  ROM  OS”  crowd  is 
the  numerous  medical  devices  that  didn’t 
exist  until  a  commodity  operating  system 
made  it  possible  for  entrepreneurs  to 
enter  the  market  once  dominated  by  a 
handful  of  companies. 

Are  networked  devices  based  on  com¬ 
modity  operating  systems  more  vulnera¬ 
ble  to  attack?  Yes.  Is  it  better  to  have  access 
to  inexpensive  life-saving  equipment  with¬ 
out  waiting  (or  dying  while  waiting),  and 
taking  the  chance  that  a  virus  affects  that 
system?  My  personal  vote  is,  it  depends. 
For  a  routine  ultra-sound  or  checkup, hook 
me  up  to  the  Windows-based  machine, 
and  I’ll  take  the  chance  that  a  picture  gets 
lost  during  a  worm  outbreak.  During  open- 
heart  surgery,  I  want  to  be  hooked  up  to  a 
totally  non-networked,  custom-built,  ROM 
OS-based  life  support  system. 

That’s  what  a  free  market  in  medicine  is 
all  about.  An  informed  medical  consumer, 
free  to  make  an  individual  cost-benefit 
analysis,  should  be  able  to  determine 
what  level  of  risk  they’re  willing  to  take  for 
what  cost  and  in  what  situation. The  worst 
possible  solution  is  to  leave  the  decision 
in  the  hands  of  bureaucrats  with  their  one- 
size-fits-all  mentality  and  lack  of  situation- 
specific  information. The  fact  that  the  FDA 
has  failed  thus  far  to  contribute  anything 
useful  to  the  medical  device  safety  debate 
should  be  all  the  proof  needed  that  this 
agency  should  stay  out  of  the  way  and  let 
the  free  market  evaluate  the  relative  safety 
and  usefulness  of  medical  devices. 

John  Keller 
Atlanta 
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Proactive  Management  with  Real-Time  Monitoring 
Keeps  Research  Flowing  on  Berkeley  Lab’s  Network 


WiniiUi'M 


Network  traffic  is  doubling  every  year  at 
Lawrence  Berkeley  National  Laboratory  -  not 
too  surprising  given  that  some  19,000  devices 
and  4,300  users  are  connected  to  LBLnet.  And 
not  just  any  users,  but  scientists  and 
researchers  investigating  everything  from 
nanoscience  and  genetics  to  particle  physics. 
The  6,000  computers  connected  to  LBLnet 
range  from  PCs  to  industrial  computing  equip¬ 
ment,  and  run  a  spectrum  of  applications  and 
operating  systems  from  the  mundane  to  the 
highly  specialized. 

“Our  network  is  becoming  a  utility,”  says  Mike 
Bennett,  a  senior  network  engineer  in  the 
LBLnet  Services  Group.  This  11 -member  team 
manages  the  Ethernet-based  network,  providing 
LAN  access  to  local  as  well  as  remote  LBLnet 
users,  who  include  Lab  administrators  and  staff, 
researchers,  and  students. 

“People  expect  to  be  able  to  plug  into  the 
network  and  be  fully  operational.  With  the 
disparate  systems,  applications  and  operating 
systems  we  support,  that  is  not  an  easy  task,” 
Bennett  notes.  Keeping  ahead  of  traffic  growth 
is  one  of  the  challenges  the  Services  Group 
faces.  And  with  such  a  small  team,  having  the 
right  tools  for  monitoring  and  troubleshooting 
is  a  necessity. 

An  interruption  in  traffic  flow  could  be  due  to 
any  number  of  conditions  on  a  network  as  large 
and  diverse  as  LBLnet.  Managing  LBLnet  is 
further  complicated  by  the  nature  of  its  users, 
whose  applications  continually  demand  more 
bandwidth.  The  majority  of  LBLnet’s  connec¬ 
tions  are  currently  Fast  Ethernet,  with  most 
distribution  links  using  Gigabit  Ethernet. 


“People  expect  to  be  able  to  plug- 
into  the  network  and  be  fully 
operational.  With  the  disparate 
systems,  applications  and 
operating1  systems  we  support, 
that  is  not  an  easy  task.” 

In  an  effort  to  stay  on  top  of  the  lab’s 
networking  requirements,  Bennett  has  been 
tracking  the  Institute  of  Electrical  and  Electronics 
Engineers’  (IEEE)  efforts  to  standardize  10 
Gigabit  Ethernet  over  copper  wire.  Bennett 
serves  as  an  informal  liaison  for  users,  such  as 
Berkeley  Lab  and  other  national  laboratories, 


“Finisar’s  THG/Surveyor  network 
analysis  solution  provides  us 
with  complete  network  packets 
and  enables  us  to  get  at  the 
root  of  problems.” 

Mike  Bennett 

Senior  Network  Engineer,  LBLnet  Services  Group 


that  are  early  adopters  of  new  technologies. 
His  influence  in  the  industry  lead 
NetworkWorldFusion  last  year  to  name 
Bennett  one  of  the  50  most  powerful  people  in 
networking.  He’s  intimately  familiar  with  the 
issues  facing  organizations  that  continually 
push  the  technology  envelope,  including  what  it 
takes  to  manage  a  complex  network. 

“With  the  amount  of  data  sent  over  LBLnet 
roughly  doubling  each  year,”  Bennett  notes, 
“it’s  crucial  that  we  have  an  effective  means  of 
troubleshooting,  analyzing,  and  predicting  net¬ 
work  performance.  To  proactively  manage  our 
LAN,  we  need  to  monitor  its  overall  health  on 
an  ongoing  basis.” 

Among  the  tools  the  group  uses  are  Finisar’s 
THG  (Ten,  Hundred,  Gigabit)/  Surveyor  analysis 
and  monitoring  solution  for  10/100  and  1 
Gigabit  Ethernet  networks.  Consisting  of  hard¬ 
ware  and  software,  THG/Surveyor  performs 
real-time,  line-rate  data  capture  and  monitoring. 
It  provides  comprehensive  7-layer  protocol 
decodes  for  more  than  250  protocols. 

The  Surveyor  software  provides  a  consistent, 
intuitive  user  interface  along  with  extensive 
expert  analysis  for  rapid  problem  identification 
and  resolution. THG/Surveyor  lets  users  easily 
set  capture  filters,  view  full  7-layer  decodes  of 
captured  packets,  and  display  a  variety  of  statis¬ 
tics  to  get  an  instant  picture  of  the  status  and 
performance  of  any  network  segment.  In  select¬ 
ing  management  tools,  Bennett  and  the  LBLnet 
Services  Group  looked  for  products  capable  of 
comprehensive,  accurate  data  capture. 

“If  you’re  doing  real-time  analysis  or  trouble¬ 
shooting  of  a  network,  you  can't  afford  to  drop 


packets,"  Bennett  said.  “We  need  full  data  cap¬ 
ture  in  real-time,  or  we  run  the  risk  of  not  get¬ 
ting  the  information  we  need  to  solve  the  prob¬ 
lem.  Finisar’s  THG/Surveyor  network  analysis 
solution  provides  us  with  complete 
network  packets  and  enables  us  to  get  at  the 
root  of  problems.” 

To  keep  on  top  of  LAN  activity,  the  LBLnet 
Services  Group  has  set  up  THG/Surveyor  to 
monitor  the  network’s  top  10  data  flows.  This 
data,  which  is  refreshed  at  five-second  intervals, 
is  displayed  on  a  42-inch  monitor,  enabling  the 
team  to  track  network  utilization,  errors,  and 
which  lines  are  the  most  utilized  and  to  get  a 
visual  snapshot  of  the  LAN's  health  at  a  glance. 

“Even  with  the  magnitude  of  our  network 
operations,  we  don’t  really  have  a  Network 
Operations  Center,"  Bennett  notes.  “What  we 
have  is  a  set  of  cubicles  and  a  few  offices  with 
this  big  screen  hovering  overhead.  When  you 
consider  the  scope  of  what  we  accomplish,  the 
number  of  people  we  support,  and  the  number 
of  people  we  do  it  with,  we  operate  fairly  lean.” 

Bennett  credits  good  management  tools 
with  helping  make  the  task  feasible:  “Tools  like 
Finisar’s  network  analyzers  go  a  long  way 
towards  helping  us  stretch  our  resources  and 
keep  our  network  up  and  running  to  meet  the 
scientific  and  administrative  needs  of  the  Lab." 
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The  Only  Event 
Exclusively  for  Applications  of 
Satellite  Communications 


•Complimentary  Posses  are  offered  only  to 
‘Fnd-Users”  defined  as  the  following:  Media 
&  Entertainment  firms,  active  duty  Military 
and  Government,  or  a  private  sector  business 
that  uses  satellite  and  communications 
technology  but  does  not  sell  satellite  and 
related  services,  equipment,  integration  or 
consulting. 


Satellite  Application  Technology  Conference  &  Expo 


Learn  the  Value  of  IP,  Broadband 
and  Rich  Media  over  Satellite 


SATCON  is  the  only  place  to  hear  panels  of 
expert  end-users  tell  you  the  why  and  how  of 
satellites 


Hear  it  from  those  who  know: 

•  Executives  from  Dollar  General,  General  Motors,  Fed-Ex,  Pfizer,  Halliburton, 
McDonalds,  Georgia  Pacific  and  Allstate 

•  the  people  who  make  the  decisions  from  CNN,  ABC,  CBS,  BBC,  NBC  and  HBO 

•  the  people  with  responsibility  for  our  security  and  well-being  from  the 
Department  of  Defense,  and  US  and  international  government  agencies 

October  26-27,  2004 
Jacob  Javits  Convention  Center 

New  York,  NY 

www.satconexpo.com 

Satellite  Solutions  for  Business, 
Government  &  Military, 
Media  &  Entertainment 
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Dual-WAN  routers 
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NetworkWorld 


Double  your  broadband,  double  your  fun 


■  BY  JAMES  E.  GASKIN,  NETWORK  WORLD  LAB  ALLIANCE 

With  more  than  27.4  million  broadband  subscribers  in  the  U.S., chances 
are  you  have  access  to  multiple  WAN  connections  (DSL,  cable,  satellite 
or  all  three).  For  small  businesses  and  others  who  want  Internet  access 
redundancy  and  improved  speed,  companies  are  producing  dual-WAN 
routers  for  combining  two  broadband  connections  on  your  network. 


We  recently  tested  five  dual-WAN 
routers  —  the  ZyWall  70  from  Zyxel 
Communications;TZ  170  from  Sonic  Wall; 
XC-DPG602  from  Xincom;  H2WR54G 
from  Hawking  Technologies;  and  Forti- 
Gate-60  from  Fortinet  —  and  focused  on 
their  ability  to  control  a  WAN  connection 
and  other  features.  We  also  tested  the 
Safe@Office  225  from  Check  Point,  which 
only  offers  failover  but  not  concurrent 
access  (see  story  page  46). 

TheTZ  170  from  Sonic  Wall  gets  the  nod 
for  our  favorite  (Clear  Choice  Award),  for 
its  security,  configuration  options  and 
additional  features  (some  at  extra  cost). 
Budget  seekers  should  rejoice  at  Haw¬ 
king’s  product,  which  includes  wireless 
support,  and  the  Zyxel  ZyWall  70  comes 


in  a  close  second  to  SonicWall. 

Choosing  your  features 

Many  of  the  routers  will  support: 

•  Outbound  load  balancing. 

•  Inbound  load  balancing  (low-end 
units  have  outbound  only). 

•  QoS. 

•  VPN. 

•  Demilitarized  zone  (DMZ). 

•  Virus  filtering  on  content  (both 
inbound  and  outbound)  and  e-mail  (at 
least  inbound). 

•  Intrusion  detection. 

•  Web  content  filtering. 

Routers  vary  in  CPU  speeds  and 
amount  of  RAM,  usually  reflected  by  the 
number  of  VPN  connections  supported 


concurrently  Because  connection  counts 
for  all  these  systems  start  in  the  thousands 
of  dollars,  midsize  networks  should  not 
feel  limited.  However,  the  number  of  VPN 
sessions  supported  often  have  server 
restrictions,  so  check  carefully  if  your  net¬ 
work  needs  to  support  many  VPN  clients. 

The  inbound  load-balancing  features 
make  the  routers  useful  when  combin¬ 
ing  two  of  the  same  high-speed  WAN 
connections,  such  as  two  cable  modem 
links.  Because  cable  downstream  speeds 
range  from  1 .5M  to  3M  bit/sec  and  DSL 
links  provide  less  than  512K  bit/sec,  a 
mixed  pair  of  connections  offers  little 
speed  improvement  and  can  slow 
access  if  misconfigured.  However,  a 
mixed  connection  still  offers  Internet 


SonicWall  just  added  load  balancing  to  its 
TZ  170. 


access  redundancy 

One  warning  on  every  dual-WAN  sys- 
tem:You  must  be  able  to  route  all  outgo¬ 
ing  SMTP  traffic  to  the  appropriate  WAN 
link.  Most  ISPs  reject  all  mail  not  origi¬ 
nating  on  their  own  network,  so  routing 
an  outgoing  e-mail  to  the  wrong  WAN 
link  results  in  an  error.  Using  an  internal 
e-mail  server,  one  connected  to  the 
DMZ,  or  sending  e-mail  through  a  Web¬ 
hosting  service  rather  than  an  ISF)  elimi¬ 
nates  this  problem. 

SonicWall  shines 

During  our  testing, the  SonicWall  TZ  1 70 
developers  plugged  a  major  hole  in  their 
feature  list  by  supporting  load  balancing 
for  incoming  traffic  with  a  new  firmware 
revision.  But  you  must  purchase  the 
enhanced  operating  system  to  get  the  TZ 
170  to  support  dual- WAN  connections. 
The  same  small  plastic  housing  supports 
all  the  various  TZ  1 70  permutations,  so 
looks  don’t  indicate  supported  features. 

Installation  and  configuration  took 
some  time.  Unlike  the  other  units  we 
tested,  the  TZ  170  does  not  enable  its 
Dynamic  Host  Configuration  Protocol 
(DHCP)  server  by  default.  You  must 
change  your  computer  address  to 
match  the  default  IP  network  settings  of 
the  TZ  170,  then  configure  the  DHCP 
address  range  along  with  other  initial¬ 
ization  settings  through  its  attractive  wiz¬ 
ard.  But  after  rebooting  and  head- 
scratching,  we  discovered  that  setting 
the  DHCP  range  does  not  turn  on  the 
DHCP  server,  and  we  had  to  turn  it  on 
manually. The  quick-start  guide  includes 
nine  pages  of  dense  text,  blunting  the 
idea  of  a  “quick” start.  Our  technical  sup¬ 
port  contact  agreed  that  the  DHCP  con¬ 
figuration  was  a  bad  design  decision 
and  he  had  no  explanation. 
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Company:  SonicWall 
Cost:  Between  $525 
and  $975,  depending  on 
software.  Pros:  Flexible 
firewall  rules  andservices;  excellent  security 
controls;  quick  fail  over  and  reconnect. 

Cons:  Aggravating  DHCP  installation;  multiple 
services  require  more  money. 


Company:  Zyxel  Cost:  About  $1,050. 
Pros:  Easy  installation;  copious  manual; 
good  online  application  notes;  port  flexibility 
(5  DMZ  Ethernet  ports,  1  LAN  port).  Cons: 
Little  use  of  slowerWAN  link;  console 
commands  needed  for  SMTP  outbound 
routing  control. 


Company:  Xincom  Cost:  About  $700. 
Pros:  Easy  installation  and  WAN 
setup;  clear  administration  screens; 
quick,  sometimes  seamless,  WAN  fail¬ 
over.  Cons:  Difficult  security  and 
firewall  configuration;  requires 
Microsoft  Internet  Explorer. 


OVERALL  RATING 

OVERALL  RATING 

FortiGate-60 

eEDDM 

Company:  Fortinet  Cost:  About  $700. 
Pros:  Quick  fail  over  and  recovery;  plenty 
of  extra  (optional)  features  available. 
Cons:  Confusing  configuration;  no  real¬ 
time  status  information  on  the  Status  page. 


Company:  HawkingTechnologies 
Cost:  About  $130.  Pros:  Least  expensive; 
includes  decent  802. 1 1  g  wireless  access 
point/router.  Cons:  Serious  installation  glitch; 
no  way  to  route  SMTP  to  one  WAN. 


The  breakdown 

SonicWall 

Zyxel 

Xincom 

Fortinet 

Hawking 

WAN  handling,  load  balancing  support  30% 

4 

3.5 

4 

3.5 

3 

Security  features  20% 

4.5 

4 

3.5 

3.5 

3 

Installation  and  configuration  15% 

3 

4 

4 

2 

2 

Network  monitoring  15% 

3.5 

3.5 

3 

1.5 

3 

Documentation  10% 

4 

4 

3 

2 

2.5 

Additional  features  10% 
(VPNs.  DMZ,  SMTP  handling) 

4 

4 

3 

4 

2 

TOTAL  SCORE 

3.88 

3.78 

3.55 

2.88 

2.80 

Scoring  Key:  5:  Exceptional;  4:  Very  good;  3:  Average;  2:  Below  average;  1:  Consistently  subpar 
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Clear  Cheice  Test 


Because  only  the  tested  enhanced  ver¬ 
sion  of  theTZ  170  includes  dual-WAN  sup¬ 
port,  there’s  no  WAN2  plug  on  the  unit  (soft¬ 
ware  adds  the  feature).  Using  the  OPT 
(optional)  Ethernet  connector  WAN2  isn’t 
a  problem  because  any  or  all  of  the  five 
10/100Base-T  Ethernet  ports  on  the  unit 
can  be  configured  for  DMZ  use.  The 
SonicWall  Web-based  administration  utility 
includes  stacked  menus  on  the  left  side  of 
the  screen,  but  no  tabbed  pages  on  the 
right. Instead, multiple  command  icons  pop 
open  new,  smaller  windows  for  configura¬ 
tion  settings  or  explanation.  This  sounds 
clumsier  than  it  is,  because  drilling  down 
into  details  works  easily  Multiple  wizards 
await  for  chores  such  as  VPN  settings,  pub¬ 
lic  server  (DMZ)  access  and  initial  setup. 

The  good  news:  SonicWall  provides  great 
flexibility  in  configuring  its  firewall.The  bad 
newsiThere  is  almost  too  much  to  learn  and 
handle  for  most  small-business  users  who 
will  require  help  from  their  reseller.  Where 
the  ZyWall  had  44  services  configured  in 
the  drop-down  menu,  the  TZ  170  has  140. 


SonicWall  uses  Zones  for  networks,  includ¬ 
ing  several  screens  of  a  matrix  describing 
the  relationship  of  zones  (WAN-to-LAN,  for 
example)  and  which  firewall,  routing  or  net¬ 
work  address  translation  rules  apply  to  that 
particular  connection.  You  even  can  have 
five  different  classes  of  users,  from  Everyone 
to  Limited  Administrators,  and  include  any 
class  in  a  rule.  Few  small  to  midsize  busi¬ 
nesses  will  be  able  to  configure  this  without 
help,  but  getting  help  will  provide  them  with 
excellent  protection. 

Handling  the  dual-WAN  connection 
worked  well  on  theTZ  170. Unlike  all  other 
units  we  tested,  the  TZ  170  picked  up  and 
continued  to  stream  audio  files  when  we 
disconnected  the  cable  modem  and 
forced  the  unit  to  switch  to  the  DSL  con¬ 
nection.  It  also  switched  to  the  faster  ser¬ 
vice  when  we  re-connected,  again  without 
interruption. 

Security  options  abound,  but  order  them 
carefully  For  example,  you  can  purchase 
network  anti-virus  and  server  anti-virus,  but 
not  have  e-mail  anti-virus  filtering. 


Nodes/users  are  counted  by  active  IP 
addresses  on  the  network  rather  than  con¬ 
current  users  through  the  router,  so  you 
might  need  more  licenses  than  you  think. 

SMTP  routing  to  the  proper  WAN  port  took 
only  a  few  mouse  clicks.  Five  drop-down 
menus  led  us  through  choosing  the  source 
(LAN), the  destination  (any), service  (SMTP 
send  e-mail),  gateway  (WAN  Primary  IP), 
and  interface  (WAN). Once  we  got  over  the 
surprise  at  all  the  choices  available,  making 
rules  wasn’t  difficult,  and  we  could  tweak 
settings  the  way  we  wanted  them. 

Although  a  bit  aggravating  to  get  the  right 
options  purchased  and  DHCP  figured  out, 
once  running,  the  SonicWall  offered  a 
wealth  of  pre-defined  firewall  settings  and 
choice,  and  the  only  failover  that  kept  up  a 
continuous  audio  stream. 

Zyxel  ZyWall  70 

Called  an  Internet  security  appliance  to 
emphasize  features  beyond  routing,  the 
ZyWall  70  is  one  of  11  routers  that  Zyxel 
calls  an  appliance  or  a  gateway  Installation 
involved  booting  clients  to  accept  IP 
address  information  from  the  ZyWall  70 
box  to  start  configuration. Screens  are  clear 
and  well  laid  out,  with  a  menu  down  the 
left  side  and  page  tabs  shown  clearly  on 
the  active  page.  The  electronic  manual  is 
long  (713  pages), but  includes  hundreds  of 
pages  devoted  to  the  console  connection 
and  old-fashioned  (and  somewhat  painful) 
terminal  command  interface  and  com¬ 
mand  syntax. 

You  can  set  up  a  DMZ,  but  there  is  no  sep¬ 
arate  Ethernet  port  for  it.  IP  addresses  sepa¬ 
rate  traffic  for  each  DMZ  system.  While  this 
works,  a  specific  port  is  always  appreciated 
to  avoid  confusion  and  limit  port-specific 
configuration  chores.  Default  traffic  rules 
allow  connections  between  the  DMZ  and 
the  WANs  in  both  directions,  and  only 
allows  outbound  traffic  from  the  LAN  to 
the  DMZ.Traffic  from  the  DMZ  to  the  LAN  is 
blocked  unless  rules  are  added  to  allow 
access,  which  is  the  security  configuration 
we  expected. 

Managing  the  ZyWall  70  is  simple  be¬ 
cause  of  its  clear  Web  management  appli¬ 
cation  interface.  The  Home  page  shows 
that  status  for  each  type  of  connection 
(LAN,  WAN,  wireless  LAN  and  DMZ)  with 
buttons  the  display  statistics,  DHCP  table  or 
VPN  status  with  one  click. 

Security  controls  include  the  firewall, 
certificate  controls  (trusted  certificate 
authorities  and  trusted  remote  hosts), 
RADIUS  support  and  a  complete  content 
filter  option.  The  firewall  uses  stateful 
packet  inspection  with  denial-of-service 
protection.  Firewall  rules  are  easy  to  cre¬ 
ate,  with  check  boxes  and  44  services  pre¬ 
defined  for  easy  control. Time-of-day  con¬ 
trols  for  firewall  rules  also  are  included, 
providing  a  fairly  complete  and  workable 
security  control  situation. 

The  ZyWall  70  let  us  specify  the  WAN1 
port  for  all  outgoing  SMTP  traffic  but 
required  the  use  of  console  commands 
outside  the  regular  management  interface. 

Bandwidth  management  includes  options 
to  define  classes  and  provide  extra  band¬ 


width  to  certain  classes,  such  as  VoIP  or 
video.  Engaging  the  priority-based  scheduler 
allocates  extra  bandwidth  to  configured  ser¬ 
vices,  such  as  VoIR  while  the  fairness-based 
scheduler  tries  to  keep  things  even  between 
the  service  classes,  and  adjusts  easily  with  a 
mouse  click.  This  approach  also  makes  it 
easy  to  configure  symmetrical  or  asymmet¬ 
rical  WAN  links.The  ZyWall  70  installed  eas¬ 
ily  provided  great  port  flexibility  with  four 
DMZ  ports,  included  plenty  of  firewall  detail 
and  supports  an  optional  wireless  PC  Card. 
But  forcing  traffic,  such  as  SMTRto  a  particu¬ 
lar  WAN  port  required  console  commands 
via  telnet. 


Xincom's  router  lacks  VPN  support. 


Xincom  XC-DPG602 

The  fourth  in  a  five-member  family  of 
dual-WAN  routers,  the  XC-DPG602  lacks 
VPN  support,  but  does  have  inbound  load 
balancing  (as  does  the  603,  but  no  others). 
Scaling  up  from  the  low-end  402,  the 
Xincom  Twin  WAN  line  also  includes  the 
502,503  and  603  (in  addition  to  the  602  that 
we  tested). 

The  quick-start  guide  is  exactly  that,  cover¬ 
ing  all  necessary  details  on  both  sides  of  a 
5-  by  7-inch  paper.  The  manual  is  clear  but 
very  short  (50  pages)  for  a  complicated 
router.  The  router  only  supports  Microsoft 
Internet  Explorer  browser  (which  the  guide 
doesn’t  mention),  but  the  DHCP  server 
works  correctly  and  the  box  grabbed  net¬ 
work  setup  details  from  the  cable  modem 
quickly  and  accurately  In  fact,  this  box 
resets  and  reboots  faster  than  any  we  tested. 

Configuration  for  both  WAN  ports  occurs 
on  the  same  page  of  the  admin  utility  (side 
by  side),  which  is  a  nice  touch.  The  WAN 
ports  can  be  configured  as  backup  or  be 
load  balanced,  and  load  balancing  has  its 
own  configuration  page.  You  can  set  bal¬ 
ancing  by  bytes,  packets  or  sessions  estab¬ 
lished,  and  then  set  the  load  percentage  on 
WAN1.  We  put  the  cable  modem  on  WAN1 
and  set  it  to  carry  90%  of  the  load. When  we 
unplugged  the  cable  modem,  the  stream¬ 
ing  music  almost  always  continued  without 
missing  a  beat  over  the  DSL  link.  Un¬ 
fortunately,  the  Xincom  couldn’t  always 
reset  the  DSL  connection  when  it  was 
unplugged,  and  we  had  to  reconnect  the 
link  manually 

Multiple  DMZs  can  be  established,  using 
one  or  more  of  the  four  10/ 100Base-T 
Ethernet  ports  on  the  unit  (there  is  no  dedi¬ 
cated  DMZ  port)  .There  is  no  easy  way  to  fil¬ 
ter  traffic  from  the  LAN  to  the  DMZ  or  back 
(as  the  ZyWall  70  and  SonicWall  units  do), 
but  individual  DMZ  session  links  can  be 
controlled  through  the  Advanced  Setup 
page.  The  Advanced  Setup  menu  also 
includes  Advanced  Features,  which  has  a 
handy  checkbox  to  tie  SMTP  traffic  to  one  of 
the  two  WAN  ports, ensuring  outgoing  email 


Check  Point’s  Safe@0flice  225 


I 


We  tested  Check  Point's  Safe@Office  225  device  for  comparison,  even  though 
it  doesn't  support  two  active  WAN  connections.  Relying  on  failover,  the 
Safe@Office  225  aims  at  the  company  that  wants  back-up  Internet  access. 
The  metal  box  about  the  size  of  a  VCR  cassette  packs  plenty  of  features.  Much 
like  the  SonicWall  offerings,  Check  Point  provides  software  add-ons  to  the  basic 
hardware,  so  you  can  configure  the  system  you  need.  For  example,  if  you  want 
remote  management,  Web  filtering,  e-mail  anti-virus,  or  expanded  logging  and  report¬ 
ing,  grab  a  price  list  for  their  subscriptions. 

The  box  didn't  let  us  set  the  range  for  IP  addresses  doled  out  by  the  unit's  DHCP 
server,  but  at  least  the  box  sees  other  IP  addresses,  so  it  doesn't  give  out  addresses 
already  in  use.  The  Web  administration  application  is  clean  and  usable,  if  a  bit  loud 
with  its  orange  and  yellow  color  scheme.  Firewall  rules  are  set  through  a  pop-up  wiz¬ 
ard,  but  without  extra  filtering  modules  the  service  options  to  control  are  slim  (less 
than  10). 

Our  focus  was  on  the  failover  capabilities,  however.  Unlike  the  other  boxes  tested, 
the  Safe@Off  ice  225  doesn't  plug  both  broadband  modems  into  connectors  on  the 
unit.  You  must  plug  the  broadband  modems  into  a  separate  wiring  hub  (not  included), 
and  connect  that  hub  to  the  WAN1  port  on  the  box.  We  were  fooled  by  the 
DMZ/WAN2  label  on  the  front  of  the  device  and  plugged  the  WAN2  router  there, 
which  doesn’t  work  but  doesn't  give  an  error  message,  until  we  dug  deeper  into  the 
250-page  manual  and  discovered  the  unorthodox  connection  method.  Weird  or  not,  it 
works.  Usually  the  system  fails  over  from  cable  to  DSL  automatically  with  no  Web 
surfing  delays,  but  occasionally  the  primary  WAN  link  must  be  disabled  in  the  admin¬ 
istration  to  kick-start  the  failover.  Streaming  audio  seemed  to  always  hang  up  the 
failover  process  and  forced  manual  intervention. 

E-mail  traffic  always  went  to  the  cable  modem  WAN  link,  keeping  SMTP  traffic 
flowing.  And  because  the  box  doesn't  support  load  sharing,  no  connections  got 
linked  to  the  slower  DSL  connection,  as  did  some  of  the  other  systems  where  traffic 
actually  slowed  in  load-balancing  mode.  But  that  also  means  two  comparable  broad¬ 
band  connections  don’t  provide  any  possibility  of  a  speed  boost,  as  they  do  on  other 
boxes.  About  $900  online,  the  Check  Point  box  will  work  well  when  failover  is  the 
most  important  goal,  as  when  the  two  broadband  connections  differ  widely  in  speed 
(such  as  cable  and  minimum-speed  DSL). 


Safe  ©Office  225 

Company:  Check  Point,  www.checkpoint.com 

Cost:  $900 

Pros:  Small,  weli  known,  and  full  featured;  failover  happens  quickly,  as  does  fail- 
.  back  when  WAN1  reconnects 

Cons:  Load  balancing  not  available;  more  software  modules  needed  for  complete 

system. 

—  James  Gaskin 


goes  through  the  proper  network. 

A  firewall  with  SPI  is  included,  although 
the  left-side  menu  says  “Security  Manage¬ 
ment”  rather  than“firewall."Various  service 
ports  can  be  blocked  easily,  but  drop-down 
menus  only  provide  six  types  of  services, 
compared  with  the  huge  number  from 
SonicWall.  Blocking  or  opening  ports  in 
the  firewall  requires  manually  filling  out 
some  forms. 

QoS  support  doesn’t  provide  much  man¬ 
agement  flexibility  but  is  included  in  all  oth¬ 
ers  except  the  Hawking.You  can  view  online 
a  data-dump  system  log,  but  Xincom  pro¬ 
vides  room  to  configure  three  separate  sys- 
log  servers  to  handle  the  parsing  for  you. 

WAN  status  and  traffic  totals  are  available 
on  several  screens,  but  updates  requires 
clicking  a  button. 

The  easy  installation,  clean  administra¬ 
tive  interface  and  good  WAN  failover 
results  make  it  possible  to  almost  excuse 
the  limited  and  non-intuitive  security  and 
firewall  settings.  Oddly,  this  was  the  only 
unit  that  demanded  Internet  Explorer  and 
balked  at  Mozilla. 

Hawking  H2WR54G 

The  H2WR54G  from  Hawking  packs  a 
bunch  of  features  into  a  small  device.  Not 
only  does  the  router  support  dual-WAN 
links,  it  includes  an  802.1  lg  wireless  LAN 
(WLAN)  module  and  basic  firewall  secur¬ 
ity  The  H2WR54G  is  the  most  expensive  of 
the  three  dual-WAN  routers  Hawking  sells, 
even  though  it  was  the  least-expensive  unit 
in  our  test. 

If  only  there  weren’t  so  many  shortcom¬ 
ings:  The  quick-installation  guide  (25  pocket- 
book  pages  with  tiny  print)  said  we  must 
provide  the  IP  address  of  a  timeserver  dur¬ 
ing  installation  of  the  H2WR54G,  but  didn’t 
say  progress  stops  until  a  timeserver  IP 
address  is  in  place  and  the  system  verifies  it. 
Then  the  guide  suggested  we  look  up  time¬ 
servers  on  the  Web,  forgetting  that  we  have 
no  router  to  the  Internet  until  we  fill  in  a 
timeserver  IP  address  in  the  setup  screens. 
That’s  as  good  a  Catch-22  as  ever  seen  in  a 


The  Hawking  router  is  low  on  price,  packed 
with  features. 


setup  guide.  We  plugged  in  another  router 
and  checked  its  timeserver  setting  for  a  valid 
IP  address,  but  we  have  no  idea  how  a  typi¬ 
cal  small-business  owner  would  handle  this 
snafu.  Any  of  the  four  10/100Base-T  Ethernet 
ports  can  be  used  for  DMZ  by  providing  the 
IP  address  of  the  device  to  be  seen  on  the 
Internet.There  is  no  QoS  support. 


Clear  Choice  Test 
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Choosing  the  PC’s  IP  address  and  select¬ 
ing  one  or  more  of  the  16  standard  services 
displayed  can  create  firewall  rules.  There’s 
no  way  to  block  all  users  from  using,  for 
instance,  MSN  Messenger,  only  individual 
devices.  This  level  of  protection  fits  a  con¬ 
sumer  device  or  very  small  business,  but 
not  one  serious  about  security  At  least  the 
firewall  is  enabled  by  default,  as  is  the 
denial-of-service  protection.  There  is  no 
enterprise  authentication  support,  such  as 
RADIUS  or  even  Lightweight  Directory 
Access  Protocol. 

The  minimal  browser-based  management 
application  uses  the  left  menu  template,  but 
none  of  the  pages  are  long  or  detailed 
enough  to  need  tabs  for  drilling  down. Two 
logs  are  available,  one  system  and  one  secu¬ 
rity  but  no  parsing  or  explanations  are 
offered,  and  there’s  no  way  to  send  the  logs 
via  e-mail  or  to  a  Syslog  server  as  with  the 
other  units.  A  well-illustrated  electronic  man¬ 
ual  of  just  under  100  pages  is  included. 

The  second  shortcoming  appeared  when 
we  tried  to  steer  outgoing  email  to  the 
WAN1  link  using  the  cable  connection.  We 
couldn’t  figure  out  where  on  the  adminis¬ 
tration  screens  to  configure  SMTP  routing, 
so  we  sent  an  email  to  technical  support. 
The  good  news:  They  answered  by  the  next 
morning.  The  bad  news:  There  is  no  way  to 
route  SMTP  traffic  to  one  WAN  link.  This 
seems  odd  because  the  target  audience 
seems  to  be  entry-level  home,  home-office 
and  small-business  customers,  and  they  are 
the  types  most  likely  to  rely  on  email  from 
a  service  provider.  Users  of  this  router  must 
either  have  their  own  email  servers  or  be 
able  to  send  outgoing  mail  through  a  host¬ 
ing  service  because  you  can’t  reliably  send 
email  if  both  WAN  ports  are  active. 

WAN  failover  and  reconnection  worked, 
although  streaming  audio  sessions  had  to 
be  restarted.  When  set  to  backup  rather 
than  load  balancing,  the  switch-over  time 
from  cable  to  DSL  took  about  20  seconds. 
Load  balancing  can  be  turned  on,  but  the 
only  control  option  is  a  percentage  based 
on  data  transfer  sessions. 

Feature-packed  but  detail-light,  the 
Hawking’s  low  price  should  make  it  popu¬ 
lar  with  small  businesses,  but  the  minimal 
security  settings  and  management  control 
will  limit  its  usefulness. 

Fortinet  FortiGate-60 

Another  metal  box  with  the  standard  four 
ports  of  10/100Base-T  for  local  connec¬ 
tions,  two  WAN  ports  and  even  a  DMZ  port, 
the  FortiGate-60  offers  a  wide  contrast  of 
good  and  aggravating  points.  This  was  the 
only  box  we  tested  with  USB  ports  for  USB 
modem  backups,  even  though  the  ZyWall 
includes  a  serial  port  for  dial  backup. 

The  quick-start  guide  is  a  11-  by  17-inch 
sheet  of  paper  filled  front  and  back  with 
data,  defusing  the  quick  portion  of  the 
name.  The  guide  demands  Internet  Ex¬ 
plorer,  but  Mozilla’s  Firefox  browser  worked 
(except  for  a  few  display  oddities)  but  you 
must  use  HTTPS  for  a  secure  link. 

Management  screens  use  the  left  menus 
with  submenus  and  tabbed  pages.  After  ini¬ 
tial  configuration,  we  discovered  that 


The  Fortinet  appliance  offers  quick  failover. 

although  instructed  to  gather  DNS  details 
from  the  ISPs  and  pass  them  along  to  the 
clients,  the  FortiGate-60  didn’t  do  that  reli¬ 
ably,  meaning  clients  couldn’t  resolve 
Internet  addresses  properly  Only  by  loading 
DNS  addresses  deep  in  the  configuration 
(System>DHCP>Server  >Scope  Wiz- 
ard>Modify)  could  we  guarantee  that  every 
client  learned  the  proper  DNS  addresses 
necessary  to  reach  sites  on  the  Internet. 

The  management  screen  gave  no  clue 
about  the  performance  of  the  WAN  links 
because  there  are  no  statistics  available. 
You  can  see  if  the  links  are  connected,  but 
you  can  only  tell  which  broadband  con¬ 
nection  carries  the  load  by  watching  lights 
flash  on  the  front  of  the  box.  Worse,  traffic 
won’t  leave  the  internal  network  out  to  the 
Internet  using  the  second  WAN  link  unless 
you  make  a  specific  firewall  policy  addi¬ 
tion.  Until  you  take  this  extra  step  (not 
required  by  other  products),  there’s  no 
failover  support. 

After  going  through  the  firewall  policy 
steps  and  configuring  the  Distance  para¬ 
meter  to  tell  the  system  which  route  is  pre¬ 
ferred,  failover  started  working  reliably 
and  quickly. 

Although  the  manual  doesn’t  say  it,  the 
failover  route  (in  our  case  WAN2)  must  be 
set  higher  than  the  default  route’s  number 
l,such  as  10. This  tells  the  system  to  use 
WAN2  when  WAN1  dies.  If  the  distance 
numbers  are  the  same,  both  WAN  links  will 
be  used  concurrently  but  there  is  no  load 
balancing  as  such. 

When  configured,  the  FortiGate-60  failed 
over  quickly  and  reconnected  back  to 
WAN1  quickly  (about  5  seconds) .The  only 
indication  on  the  administrative  program 
is  on  a  Routing  Monitor  page  that  shows 
WAN2  as  the  static,  default  route.  The 
Status  page  still  showed  WAN1  as  con¬ 
nected,  but  Fortinet  says  that’s  by  design 
and  represents  the  administrative  setting. 
We  expected  actual  WAN  link  status  on 
the  Status  page. 

The  feature  list  for  the  FortiGate-60  is 
impressive,  including  expected  VPNs,  a 
firewall  with  50  services  predefined  in  the 
drop-down  menu,  and  virus  checking  for 
files  and  e-mail  (with  the  services  enabled 
and  updated  from  Fortinet).  But  you  prob¬ 


ably  will  need  more  help  than  the  manual 
provides  (we  did). 

A  roller  coaster  of  enticing,  frustrating, 
then  well  performing  sums  up  the  Forti¬ 
Gate-60.  Once  you  fight  through  the  setup 
and  purchase  the  optional  features  you 
want,  things  work  fairly  well. 

Security  or  access? 

Based  on  the  number  of  inexpensive 
routers  for  small  business  flooding 
the  market,  we  hoped  to  find  several  dual- 
WAN  routers  that  focused  on  Internet 
access  redundancy.  Instead,  we  found 
Internet  security  appliances  with 
dual-WAN  connections  added  as  an 
afterthought. 

We  hope  the  market  takes  a  hint  from 
the  Hawking’s  aggressive  pricing  and 
begins  to  offer  flexible  routing  products 
for  redundancy  and  failover  while  keep¬ 
ing  advanced  management  and  security 
features. 

Now  that  so  many  homes  and  bus¬ 
inesses  have  access  to  megabits  of  band¬ 
width  for  relatively  inexpensively,  the  mar¬ 
ket  seems  ready  for  ways  to  utilize  the 
available  broadband  connections. 

Gaskin  has  been  helping  small  and  mid¬ 
size  businesses  use  technology  since  1986. 
He  writes  books  about  technology  from  his 
home  office  in  the  Dallas  area.  He  can  be 
reached  at  readers@gaskin.com. 


Gaskin  also  is  a  member  of  the  Network  World 
Lab  Alliance,  a  cooperative  of  the  premier 
testers  in  the  network  industry,  each  bringing 
to  bear  years  of  practical  experience  on  every 
test.  For  more  Lab  Alliance  information,  includ¬ 
ing  what  it  takes  to  become  a  partner,  go  to 
www.nwfusion.com/alliance.her  members: 

Mandy  Andress,  ArcSec;  John  Bass, 

Centennial  Networking  Labs,  North  Carolina 
State  University;  Travis  Berkley,  University  of 
Kansas;  Jeffrey  Fritz,  University  of  California, 

San  Francisco;  James  Gaskin,  Gaskin 
Computing  Services:  Greg  Goddard,  F.DS; 

Thomas  Henderson,  ExtremeLabs;  Miercom.  I 
network  consultancy  and  product  test  center;  I 
Christine  Pcrey,  Perey  Research  &  Consulting; 
Barry  Nance,  independent  consultant.  David 
Newman.  Network  Test;  Thomas  Poweil.  PINT. 

Joel  Snyder  Opus  One;  Rodney  Thayer,  Canola 
&  Jones. 


Our  SOHO/small  business  lab  includes  seven  clients,  ranging  from  Windows  98 
through  Windows  XP  Pro  and  Linux.  We  have  a  Comcast  cable  broadband  con¬ 
nection  and  SBC  Yahoo  DSL  connection. 

Each  system  used  the  faster  cable  broadband  connection  for  WAN1  and  the  slow¬ 
er  DSL  broadband  connection  for  WAN2.  During  normal  Internet  activity,  we 
unplugged  the  cable  modem  to  force  the  routers  to  switch  all  traffic  to  the  DSL 
broadband  connection. 

Other  features,  such  as  load-balancing  support,  security  support,  installation  and 
setup  time,  network  monitoring  ability  and  documentation,  also  were  tested. 
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Paragon®  SI.  Stackable  Data  Center  KVM  Control  that  Saves  Time,  Space  &  Money. 


The  downside  to  success  is  the  complexity  that  comes  with  it. 


That’s  why  Raritan  builds  solutions  for  the  data  center  that  reduce  complexity 


when  it  comes  time  to  manage  a  growing  stable  of  servers  and  other  data  center  devices.  Case  in  point:  Paragon  II,  the  industry’s  only  stackable 


KVM  (Keyboard,  Video,  Mouse)  switch.  The  highest  port-density  in  the  industry  delivers  lower  ownership  costs.  Up  to  30%  lower.  With 


Paragon  Il’s  stacking  capability,  you’ll  use  90%  less  cable  than  if  you  cascaded  switches,  and  you’ll  save  a  third  of  your  rack  space.  And  with 
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monitor,  configure,  and  even  reboot  your  servers  and  other  IT  devices  as  if  you  were  actually  present  at  the  rack.  And  that’s  good  news. 


Call  today  and  get  a  free  KVM  Stacking  Guide. 
1-800-724-8090x1992 
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■  CAREER  DEVELOPMENT 

■  PROJECT  MANAGEMENT 

■  BUSINESS  JUSTIFICATION 


Grime  and  punishment 

Corporations  pay  the  price  when  they  don’t  adequately  protect  customer  data. 


■  BY  ANN  BEDNARZ 

Barnes  &  Noble.com  agreed  in  April  to  pay  a  $60,000  fine  after  a  flaw  exposed  sensitive  cus¬ 
tomer  data  on  its  Web  site.The  New  York  State  Attorney  General’s  office,  which  imposed  the 
fine,  says  a  design  vulnerability  in  the  online  bookseller’s  Web  site  permitted  unauthorized 
access  to  consumers’  accounts  and  personal  information. 


The  bookseller  corrected  the  flaw  before  any  serious 
damage  was  done.  BJ’s  Wholesale  Club,  however,  wasn’t  so 
fortunate. The  tab  for  the  Natick,  Mass.,  company’s  system 
breach,  which  it  reported  in  March,  continues  to  mount. 
In  its  quarterly  report  filed  in  August,  BJ’s  disclosed  it  is 
facing  $16  million  in  fraud-related  claims  after  the  theft  of 
some  of  its  customers’  credit  and  debit  card  information. 

Computer  security  breaches  are  a  recurring  problem  for 
companies,  particularly  those  that  conduct  business 
online.  Based  on  results  of  its  annual  survey  of  e-com¬ 
merce  crime,  security  company  CyberSource  estimates 
online  crooks  made  away  with  1.7%,  or  $1.6  billion,  of 
2003  U.S.  business-to-consumer  e-commerce  revenue. 

The  toll  on  consumers  whose  financial  information  is 
stolen  is  huge. The  Federal  Trade  Commission  (FTC)  says 
almost  10  million  Americans  were  victims  of  identity  theft 
in  2003.  These  consumer  victims  reported  $5  billion  in 
out-of-pocket  expenses.  At  the  same  time,  identity  theft 
losses  to  businesses  and  financial  institutions  totaled 
nearly  $48  billion,  according  to  the  agency 

Companies  that  suffer  a  system  breach  might  find  them¬ 
selves  on  the  wrong  side  of  the  law. There  are  hundreds  of 
privacy  laws  from  federal,  state,  local  and  international 
sources.  Government  enforcement  of  such  laws  can 
come  from  federal  agencies  such  as  the  FTC,  and  state 
attorney  general  offices.  Consumers,  too,  can  take  matters 
into  their  own  hands  when  their  privacy  is  breached, 
through  class-action  lawsuits  such  as  those  that  dogged 
Microsoft, TriWest  Healthcare  Alliance  and  Eli  Lilly 

Of  course,  revenue  isn’t  the  only  thing  at  stake.  A  com¬ 
pany’s  corporate  reputation  is  on  the  line  if  it  doesn’t  ade¬ 
quately  secure  customer  information. 

“There’s  no  bigger  responsibility  as  a  financial  institu¬ 
tion  than  to  safeguard  customers’  information,”  says 
Leonard  Rowe,  corporate  senior  vice  president  and  direc¬ 
tor  of  e-business  development  at  Associated  Bank  in 
Green  Bay,  Wis.  “It’s  right  up  there  with  maintaining  the 
money  customers  entrust  to  us.  We,  as  an  industry,  have 
everything  at  risk  if  we  don’t  protect  our  customers.” 

Online  banking  offers  convenience,  but  it  also  height¬ 
ens  security  challenges. To  make  sure  users  doing  bank¬ 
ing  business  online  are  who  they  say  they  are, 
Associated  Bank  recently  added  an  extra  layer  of  tech¬ 
nology  to  its  infrastructure.  The  bank  subscribes  to  a 
service  from  Authentify  that  uses  voice  prints  to  verify  a 
customer’s  identity. 

If  a  customer  wants  to  set  up  online  access  to  an  exist- 
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ing  account,  the  Authentify  service  places  a  phone  call  to 
the  customer  —  either  during  or  immediately  following 
the  Internet  session,  depending  on  the  customer’s 
Internet  setup  —  and  asks  for  a  verbal  acknowledgement 
that  the  customer  wishes  to  establish  online  access. 
Authentify  then  compares  the  speaker’s  acknowledge¬ 
ment  to  a  voice  print  on  file  to  verify  identity. 

There  are  a  few  advantages  to  using  the  Authentify  ser¬ 
vice,  Rowe  says.  It’s  faster  and  more  secure  than  making  a 
customer  wait  to  receive  a  PIN  in  the  mail  before  activat¬ 
ing  a  new  banking  service.  The  Authentify  service  also 
establishes  an  audit  trail  if  fraud  is  committed.  From  a 
technology  standpoint,  the  service  is  inexpensive  to 
implement  and  not  intrusive,  Rowe  says.  “The  telephone 
network  already  exists,  plus  a  voice  print  is  the  least-intru¬ 
sive  biometric  technology  for  customers,”  he  says. 

Baker  Hill  —  a  service  provider  that  administers  online 
loan  applications  for  banks  —  likewise  went  the  extra 
mile  to  secure  its  users’  information.  The  Carmel,  Ind., 
company  installed  a  Web-application  firewall  from  Teros 
that  studies  what  an  application  is  doing  and  blocks  sus¬ 
picious  behavior.  For  example,  if  someone  tried  to  inject 
SQL  commands  to  obtain  hundreds  of 
customer  account  numbers,  the  Teros 
appliance  would  stop  the  transaction. 

The  Teros  appliance  is  different  from  a 
typical  firewall,  which  is  focused  on  pro¬ 
tecting  against  network-layer  attacks  and 
doesn’t  closely  examine  traffic  destined 
for  Web  servers,  says  Eric  Beasley,  senior 
network  administrator  at  Baker  Hill.  The 
Teros  appliance  un-encrypts  and 
inspects  the  traffic  to  make  sure  it  meets 
acceptable  application  behavior.  “That 
ability  to  do  deep  packet  inspection,  to 
inspect  traffic  at  the  application  layer,  is 
a  big  help,”  he  says. 


Assistance  required 

Safely  handling  sensitive  customer  data  is  about  more 
than  just  installing  security  products.  Companies 
should  supplement  their  security  technology  with 
investments  in  security  audits  and  security  training, 
according  to  this  year’s  Computer  Crime  and  Security 
Survey.  The  annual  survey  is  conducted  by  the 
Computer  Security  Institute  (CSI)  and  the  San 
Francisco  FBI’s  Computer  Intrusion  Squad. 

Security  audits  are  widely  used,  according  to  the 
CSI/FBI  survey  Among  494  respondents,  82%  indicate  that 
their  organizations  conduct  security  audits.  Survey 
respondents  say  that  training  is  lagging.  On  average, 
respondents  from  all  sectors  do  not  believe  that  their 
organization  invests  enough  in  security  awareness. 

Seeking  outside  help  is  important,  says  Larry  Ponemon, 
whose  Ponemon  Institute  think  tank  in  Tucson,  Ariz., 
researches  privacy  data  protection  and  information  secur¬ 
ity  policies.  “Information  security  and  privacy  really  lend 
themselves  to  third-party  verification,”  Ponemon  says. 

Ponemon  is  affiliated  with  the  International  Association 
of  Privacy  Professionals,  which  this  fall  will  begin  offering 
certification  for  privacy  professionals.  There  are  also  sev¬ 
eral  professional  training  programs  in  information  protec¬ 
tion,  including  from  the  International  Information  Systems 
Certification  Consortium’s  Certified  Information  System 
Security  Professional  and  SANS  Institute’s  family  of  Global 
Information  Assurance  Certifications. 

Baker  Hill’s  Beasley  regularly  taps  external  sources  for 
help  in  securing  the  service  providers  systems.  For  exam¬ 
ple,  every  year  Baker  Hill  uses  Ernst  &  Young’s  SysTrust  ser¬ 
vice  to  review  its  application  security  policies.  It  also  sub¬ 
scribes  to  a  hosted  security  scanning  service  for  ongoing 
vulnerability  checks. 

Barnes  &  Noble.com  will  be  doing  more  such  engage¬ 
ments.  Its  settlement  with  the  New  York  State  Attorney 
General’s  office  requires  the  company  to  establish  an  infor¬ 
mation  security  program  to  protect  personal  information; 
establish  management  oversight  and  employee  training 
programs;  and  hire  an  external  auditor  to  monitor  compli¬ 
ance  with  the  security  program. 

A  lot  of  companies  are  getting  involved 
in  privacy  risk  management,  but  the 
majority  are  not  doing  enough. Ponemon 
says.  Companies  that  do  a  great  job  pro¬ 
tecting  consumer  privacy, such  as  Procter 
&  Gamble  and  E-Loan,  realize  that  it  can 
be  a  competitive  advantage,  he  says.  But 
the  reality  is  most  companies  are  moti¬ 
vated  by  fear  of  a  public  scandal. 

The  fear  is  founded.  Consumers  are 
increasingly  savvy  about  information 
protection,  and  they’ll  take  their  business 
elsewhere  if  there’s  a  concern  that  pri¬ 
vate  data  isn’t  secured,  Ponemon  says.“A 
loss  of  privacy  trust  is  loss  of  business.”  B 
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Server 

Server 

IP  user 


Ethernet 


Servers 

■  Syslog 

■  Active  Directory 
and  RADIUS 


Cyclades  elevates  today’s  KVM  solutions  with  the  AlterPath™  KVM/net 
AlterPath™  KVM/net.  In  direct  response  to  feedback  EnterPrisc  KVM  solution, 
from  serving  80%  of  Fortune  100  companies, 
the  AlterPath™  KVM/net  brings  a  unique  set  of 
features  unparalleled  in  the  market  today: 

■  KVM  over  IP 

■  Up  to  500  ft  (CAT-5)  cabling 

■  Up  to  1024  servers  per  system 

■  Integrated  power  management  capability 

■  Advanced  Security  &  server-based  Authentication 

With  fifteen  years  of  networking  expertise,  only  Cyclades  can  offer  a  complete 
out-of-band  management  solution  that  connects  your  environment  today  and 
integrates  into  your  data  center  of  tomorrow. 

Call  us  now  and  put  an  end  to  your  search. 


www.cyclades.com/nw 

1.888.cyclades  ■  sales@cyclades.com 


cyclades 
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NetworkWorld 

THE  HUB  OF  THE  NETWORK  BUY 


Reboot  your  Network  Equipment  via  Telnet,  Dial-Up  and  Local  Console 


Network  equipment  sometimes  "iocks-up”  requiring  a 
service  call  just  to  flip  the  power  switch  to  perform  a 
simple  reboot.  The  NPS  Network  Power  Switch  gives 
network  administrators  the  ability  to  perform  this 
function  from  anywhere  on  the  LAN/WAN,  or  if  the 
network  is  down,  to  simply  dial-in  from  a  standard 
external  modem  for  out-of-band  power  control. 


Eight  (8)  Individual  Outlets 
Dual  15-Amp  Circuits 
integrated  10-BaseT  Interface 
RS-232  Modem  and  Console  Ports 
Outlet-Specific  Password  Security 
Network  Security  Features 
Power-up  Sequencing 
Co-Location  Features 
Modem  Auto-Setup  Command  Strings 


Individually 
Programmable 
Outlet  Plugs  (8) 


lOBase-T  Ethernet 
Interface 


1 9”  Rack  Brackets 
Allow  Front,  Back,  or 
Center  Mounting 


www.wti.com 


(800)  854-7226 


Dual  15  Amp 
Power  Circuits 


By  Mark  Gibbs 
Network  World 

mm2 


Modem 
Out-of-Band 
Management 


RS232 
onsole  Port 
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“Keeping  the  Net.. .  Working!  ” 


UitraMatrix  Remote 

REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


UltraConsole 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

High  quality  video  up  to  1280  x  1024 
Scaling,  scrolling,  and  auto-size  features 
Secure  encrypted  operation  with  login  and  computer 
access  control 

Advanced  visual  interface  (AVI) 

No  need  to  power  down  servers  to  install 
Free  lifetime  upgrade  of  firmware 
Available  in  several  models 
Easy  to  expand 


Connects  up  to  1000  computers  to  a  KVM  station 
Models  for  4,  8,16  computers 
Advanced  visual  interface  (AVI) 

Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 

Connects  to  PS/2,  Sun,  USB,  or  serial  devices 

Converts  RS232  serial  to  VGA  and  PS/2  keyboard 

Free  lifetime  upgrade  of  firmware 

Security  features  prevent  unauthorized  access 

Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 

simultaneous  booting 

Easy  to  expand 

(&j)  nncE 
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A  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 


800  333  9343 

WWW.ROSE.COM 


ELECTRONICS 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


A  KVM  switch  allows  single  or  multiple 
workstations  to  have  local  or  remote  access  to 
multiple  computers  located  in  server  rooms  or 
on  the  desktop  regardless  of  their  platforms 
and  operating  systems.  KVM  switches  have 
traditionally  provided  cost  savings  in  reducing 
■energy  and  equipment  costs  while  freeing  up 
valuable  real  estate. 


Recognized  as  the  pioneer  of  KVM  switch 
technology,  Rose  Electronics  offers  the 
industry'?  most  comprehensive  range  of 
server  management  products  such  as  KVM 
switches,  extenders  and  remote  access 

■  solutions.  Rose  Electronics  products  are 
known  for  their  quality;;  scatabiltty,  ease  of  use 

and  innovative  technology.  ’> 

‘ 

Rose  Electronics  is  privately  held  w/ith  world- 
headquarters  in  Houston,  Texas  and  sells  its 

■  products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
-operations  in  the  United  Kingdom,  Spain, 
Gernhany,  Benelux,  Singapore  and  Australia. 


-  Rose  Electronics  • ' 
M07by-  Stahdlff  Road 
itf^Stdn,  Texas  77099 


:#pSEUS  +281  933  7673 

ftOSE  EUROPE  +44  (0)  1264  850574 

;F$SEAS!A  +65  6324  2322 

•ROSE  AUSTRALIA  +617  3388  1540 
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umm  aamjaijaa  j 


I  set  up  the  appliance  in  just  a  few 
minutes  and  it  found  all  my  errors. 
Now  DNS  and  DHCP  are  so  simple 
and  secure.  I  just  love  it ! 


A/)/w>  Via/  rAtt/tmyt/ & 


Includes  XHA,  Data  Check  and 
Active  Directory  Integration 


cBSttflfo ting? 

WEU-CONHECTtD  AWAMK 


Editor’s 

Choice 


BlueCat  Networks 

simple,  secure  and  affordable  appliances 


Call  us: 

1.866.895.6931 


Schedule  your  free  demo  today. 

Visit  www.bluecatnetworks.com/adonis/nww 


Adonis  DNS/DHCP  Appliance 


BlueCat  Networks,  the  BlueCat  Networks  logo.  Adonis  DNS/DHCP  Appliance,  XHA  and  the  Adonis  logo  are  trademarks  of  BlueCat  Networks.  |nc. 
Active  Directory  is  a  registered  trademark  of  Microsoft  Corporation. 
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“  THE  HUB  OF  THE  NETWORK  BUY 


GTA  Firewall  Products 

Tough  Network  Security 


Choose  from  5  Firewall  Appliances  to 
Match  Your  Network  Infrastructure 

Easy,  Flexible  Implementation 

Certified  to  ISCA  4.0  Corporate 
Standards 

IPSecVPN 

Surf  Sentinel®  2.0  -  Content  Filtering 


H2A  -  High  Availability 

Gigabit  Ethernet  Support 

NIC  expansions 

Affordable  pricing 

GTA  Experience  -  Building 
Firewalls  for  Over  1 0  Years 


-  ' 

§£877-373-2700 
iWw.  i  rws-4000.com 


SENSAPHONE® 


BE  NOTIFIED  BEFORE 


•  Eight  environment  inputs 
«  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

«  8  methods  of  contact 
i 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


CRITICAL  EVENTS  TURN  INTO  DISASTER! 

The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Phonetics,  Inc. 
901  Tryens  Road 
Aston,  PA  19014 


Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


Internal 

UPS 


Power 

Control 

Interface 


Ethernet 

Port 


Internal  Voice, 
Modem 
&  Pager  Port 


8  RJ-4S  Sensor  Inputs 

(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


Microphone 

for  Sound 
Monitoring 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 


•  Tl/El  &  T3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethernet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  I S  0  -  9  0  0 1 

•  USB  Modem  and  Hub 


9.1. 


Toll  Free  866-SITech-l 
630-761-3640,  Fox  630-761-3644 
www.sitech-bitdriver.com  or  www.sitechfiber.com 
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*  NetWork  Hardware 

WORLDWIDE  PROVIDER 
OF  NETWORK 
HARDWARE 

SINCE  1981! 

•  babies 

|  1  *  *' 

•  Memory 

THE  NETWORK  SPECIALISTS 

WRC4.NET 

800 -499-®  772 

•  Accessories  f 

fan  MiMH  iputpuwt  to  ItUHIMItl 

sales@wrca.nel 

-  (800)699-9722x102 

-  -  * -  ~  i 
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Reading  someone 
else's  issue  of 

NetworkWorld? 

Subscribe  today  and  receive  your  own 
1-year  subscription  for  FR£E  - 

a  $129.00  value! 


Go  to  http://subscribenw.com/mynw  for  your  free  subscription. 


Advertising  Supplement 

Labor  Day  and  the  IT  Professional 


* Today's  interviews  are  part  2  of  a 
I  two-part  series  with  the  finalists 
for  the  annual  Black  Data  Processing 
Associates'  Top  Companies  for  Blacks 
in  Technology,  an  annual  evaluation 
of  40  criteria  by  BDPA  and 
WorkplaceDiversity. 

During  this  Labor  Day  season,  the 
Offshore  Tracker,  a  service  provided  by 
Techsllnite,  reports  that  better  than 
240,000  IT  jobs  have  moved  offshore 
since  2000.  During  the  same 
timeframe,  more  than  700,000  jobs 
were  created  here  in  the  United  States. 

At  issue,  then,  is  where  the  jobs  are,  what  skills  are  needed, 
and  how  to  land  one  of  those  jobs. 

Allstate  Insurance,  chosen  as  the  best  among  the  best  in 
the  BDPA/WorkplaceDiversity  evaluation  to  identify  the  Top 
Company  for  Blacks  in  Technology,  turns  traditional 
professional  development  on  its  side  when  helping 
employees  develop  needed  skills.  Dr.  Robin  Richmond, 
assistant  VP  for  Allstate  Protection  Technology,  says 
sending  IT  professionals  to  volunteer  in  the  community  is 
part  of  professional  development.  While  serving  as  external 
ambassadors  for  Allstate,  the  employees  also  learn  skills 
that  go  beyond  technology  -  team-building,  bringing 
diverse  groups  together  for  a  common  goal,  and 
communicating  in  a  non-tech  community. 


Greg  Tahvonen,  VP  of  human  resources  at  Delta  Airlines, 
says  IT  professionals  do  best  when  they  work  in 
organizations  that  measure  performance.  "There's  no 
barrier  if  you  perform."  Tahvonen  says  more  is  needed  in 
interpersonal  skills  than  hard-core  tech  skills,  which  change 
in  definition  on  a  constant  basis.  Instead,  he  looks  for 
people  who  demonstrate  an  ability  to  learn,  who  have  the 
business  skills  of  analysis  and  project  management. 

Whether  at  Blackwell  Consulting,  Merck,  Marriott  or  HSBC 
Technology  &  Services,  all  the  finalists  in  the  Best 
Companies  for  Blacks  in  IT  cite  these  types  of  requirements 
for  IT  workers. 

Their  input  is  critical  when  looking  at  the  latest  Information 
Technology  Association  of  America  Workforce  Development 
Survey.  Despite  continued  focus  by  CIOs  on  aggressive  and 


demonstrated  ongoing  learning,  the 
500  hiring  managers  responding  to 
the  ITASA  telephone  poll  indicated 
they  first  look  at  related  experience 
and  academic  degrees.  However, 
interpersonal  skills  were  ranked  two 
times  higher  than  project 
management  or  team  building  skills 
in  hiring  considerations. 

Other  data  from  the  survey  released 
Sept.  6  projects  the  IT  workforce  will 
top  10.5  million  workers  in  2004,  up 
from  10.3  million  in  2003.  Job 
growth  is  slowing,  however,  with 
hiring  managers  reporting  plans  to 
hire  230,000  people  in  2004  vs.  nearly  500,000  in  2003. 
Almost  80%  of  the  jobs  will  be  with  non-IT  companies,  with 
the  greatest  job  growth  -  5%  --  coming  in  the  Northeast. 

More  IT  professionals  work  in  programming  than  any  other 
job  category,  but  the  highest  job  growth  will  come  in 
technical  support  (with  a  projected  67,000  jobs)  and 
network  system  design,  followed  by  programming. 
Information  security  is  forecast  to  be  the  job  area  of 
greatest  growth  over  the  next  three  years. 


For  more  information  about  IT  Careers  advertising, 

please  call:  800.762.2977 

500  Old  Connecticut  Path 

Framingham,  MA  01701 

Produced  by  Carole  R.  Hedden 


System  Software  Specialist  to 
implement  and  maintain  secure 
Web  infrastructure  for  the 
Eskind  Biomedical  Library  that 
includes  Web  servers,  database 
servers,  multimedia  servers,  and 
development  servers.  Serve  as 
backup  system  administrator  for 
StarChart/StarPanel  (VUMC  pa¬ 
tient  records  and  clinical  man¬ 
agement  systems),  providing 
24x7  system  support  for  four 
redundant  clusters  of  UNIX 
workstations.  Serve  as  webmas¬ 
ter  for  the  main  VUMC  Web 
servers  and  collaborate  with 
programmers  and  library  staff  to 
develop  reusable  knowledge 
management  tools  and  perform 
hardware  installation  of  Sun 
servers.  Requires:  minimum  of 
Master's  Degree  in  Information 
Sciences,  Computer  Science  or 
related  field  and  24  months  of 
working  experience  in  server 
support,  web  technologies,  and 
library  systems  is  required.  Must 
have  prior  working  experience 
with  Solaris,  Linux,  OpenBSD. 
Must  have  strong  background  in 
MySQL  or  Oracle  database 
management.  Must  understand 
library  environment;  ALA  accred¬ 
ited  MLS  degree  preferred. 
Please  send  resumes  to 
Frances  Lynch,  Vanderbilt 
University,  Eskind  Biomedical 
Library,  2209  Garland  Ave., 
Nashville,  TN  37232-8340. 


Business  Analyst  w /  Masters 
or  Foreign  Equivalent  in 
Marketing  Mgmt  or  Busi. 
Admin  or  Comp  Scie  +  1  yr 
exp  in  research,  analyze, 
gather  business  require¬ 
ments,  develop,  test  &  imple¬ 
ment  commercial  s/w  using 
Oracle,  MS  SQL,  VB  on  Win. 
Analyze  s/w  requirements, 
determine  design  feasibility, 
develop,  debug  &  test  using 
C,  C++,  Java,  HTML,  OO. 
VC++,  Sybase  on  Unix  &  Win. 
Mail  res.  To:  Compulnfo, 
1119-ID,  Crab  Orchard, 
Raleigh.  NC  27606. _ 


Manufacturing  Process  &  Syst¬ 
ems  Consultant.  Work  with  man¬ 
ufacturing  affiliates  to  develop 
strategies,  support  a  multi-site 
business  as  project  leader/man¬ 
ager  for  global  teams  that  de¬ 
fine/implement  information  man¬ 
agement  systems;  create,  imple¬ 
ment/maintain  systems  to  en¬ 
sure  well-developed,  standard¬ 
ized  &  consistent  documents  & 
records;  leads/contributes  to 
mnfg.  projects  to  harmonize 
methods  &  improve  effectivity; 
develops  strategy,  plans,  pro¬ 
cesses  &  policies  for  information 
management;  develops  training 
programs  &  conducts  training; 
leads  local  implementation  of 
new/modified  information  man¬ 
agement  systems;  utilize  Oracle 
&  project-writing  applications. 
Prior  experience  must  include 
creation  and  implementation  of 
complex  &  novel  information 
technology  projects,  use  of 
Oracle,  and  direction  of  teams 
and  projects.  MS  in  Computer 
Science  and  3  years  in  the  job 
offered  or  3  years  in  relevant 
related  applications  or  software 
engineering.  Submit  resume  & 
social  security  number  to:  Kathy 
Sanders,  Roche  Diagnostics, 
9115  Hague  Rd.,  Indianapolis, 
IN  46250.  No  phone  calls 
please. 


Software  Engineer.  Dsgn, 
dvlp,  integrate  &  test  systms- 
level  s/ware,  &  n/work  distrib¬ 
ution  s/ware  for  digital  audio/ 
video/voice  recording.  Set 
specs  &  formulate  &  analyze 
s/ware  reqmts  for  mkt  de¬ 
mands  using  s/ware  skills. 
Knowl  in  ATL,  WTL,  socket 
prgmg,  direct  draw/show  etc 
tech  &  debugging  skills  in 
Visual  Studio  a  plus.  BS  w/2 
yrs  exp  in  related  industry.  8- 
5p.  Send  resume  to  Dan  Kelly 
(VP)-General  Solution  Ltd, 
5902  Sovereign  Dr,  Houston, 
TX  77036. 


Lead  QA  Engineer:  Perform 
testing  of  automated  scheduling 
system  to  maximize  customer 
service,  reduce  missed  com¬ 
mits,  &  increase  technician  pro¬ 
ductivity  using  UNIX,  Win  NT,  Cl 
C++,  Perl,  Java,  JavaScript,  PL/ 
SQL,  SQL*Plus,  HTML,  Oracle 
app  server  4.08,  Oracle  8.05,  & 
Netscape  Navigator.  Test  func¬ 
tionality  of  the  system.  Perform 
Backend/Frontend  testing  by  de¬ 
veloping  SQL  scripts.  Schedule 
UNIX  jobs  using  Cron  utility  & 
analyze  results.  Test  data  load¬ 
ing  of  Oracle  tables  using  SQL 
Loader.  Develop  shell  scripts  to 
transfer  files  from  external  sys¬ 
tems.  Test  data  transfer  proces¬ 
ses  at  all  interfaces.  BS  in  Comp 
Sci,  Eng,  Info.  Systems,  or  relat¬ 
ed  field  &  5  years  exp  as  SW 
Eng  &/or  Programmer/Analyst  & 
working  and/or  theoretical  know¬ 
ledge  of:  UNIX,  Win  NT,  C/C++, 
Perl.  Java,  JavaScript,  PL/SQL, 
SQL*Plus,  HTML,  Oracle  appli¬ 
cation  server  4.08,  Oracle  8.05, 
&  Netscape  Navigator.  $78,400/ 
yr.  M-F.  40  hrs/wk.  Denver,  CO. 
Must  have  proof  of  legal  author¬ 
ity  to  work  permanently  in  U.S. 
Application  by  resume  only  to 
Workforce  Development  Pro¬ 
grams,  PO  Box46547,  Denver, 
CO  80202.  Ref  job# 
CQ5090483. 


Clutchpoint  delivers  innovative 
IT  solutions,  has  openings  for 
experienced  Prog/Systems  An¬ 
alysts,  S/W  Engineers  with  any 
of  following  skills:  Oracle,  Sy¬ 
base,  SQL,  C/C++,  Visual  C++, 
OOD,  Java,  Web  Tech,  UNIX, 
NT.  VB.  ASP,  HTML,  SAP, 
Peoplesoft  ERP.  Send  resumes 
to  inhs@clutchooint.com .  EOE 

Compuware.  a  multi-national 
company  has  multiple  IT  posi¬ 
tions  for  both  in-house  software 
development  projects  and  con¬ 
sulting  services  to  clients.  Our 
challenging  positions  require 
minimum  BS/MS  degree  with  IT 
experience.  Please  visit 
www.comDuware.com  for 
details.  EOE. 


SW  Dev  Engineer:  Partner  in  a 
team  enviro  to  design,  develop, 
code,  test  &  debug  new  SW  or 
significant  enhancements  to 
existing  SW  using  knowledge  of 
C/C++,  HTML,  Javascript,  Cor- 
ba,  UNIX  &  PL/SQL;  Applets, 
Servlets,  JSPs  (Java  Server 
Pages);  GUI  development;  & 
client/server  applications.  Learn 
to  apply  principles,  theories  & 
concepts  &  begin  to  use  meth¬ 
odologies,  tools,  documentation 
processes  &  test  procedures  to 
complete  projects.  Entry-level 
position  working  under  close 
supervision  of  the  SW  Dev 
Manager.  BS  in  Comp  Sci, 
Engin,  or  related  &  1/yr  exp  as 
SW  Eng,  Programmer/Analyst, 
Consultant/Analyst  &  working 
&/or  theoretical  knowledge  of: 
C/C++,  HTML,  Javascript,  Cor- 
ba,  UNIX,  PL/SQL,  Oracle;  Ap¬ 
plets,  Servlets,  JSPs  (Java 
Server  Pages);  GUI  develop¬ 
ment;  &  Client/Server  Applica¬ 
tions.  $57,700/yr.  M-F.  40  hrs / 
wk.  Denver,  CO.  Must  have 
proof  of  legal  authority  to  work 
permanently  in  U.S.  Application 
by  resume  only  to  Workforce 
Development  Programs,  PO 
Box46547,  Denver,  CO  80202. 
Ref  job#C05090496. 


Development  Managers 
needed.  Seeking  candidates 
possessing  BS  or  equiv  and 
rel  work  exp.  Duties  include: 
Design  and  develop  cus¬ 
tomized  software  for  techni¬ 
cal  engineering  and  web 
applications;  Work  w/  Micro¬ 
soft  C#,  ASP.Net,  XML, 
Javascript  and  SQL  Server. 
Exp.  must  include  1  year 
working  w /  XML  and  SQL 
Server.  Travel  and  relocation 
may  be  required.  Mail  resume 
&  refs  to:  Ergo  2000,  Inc., 
1111  E.  Truslow  Ave., 
Fullerton,  CA  92831. 


IT  PROFESSIONALS 
Consultant 

(Glen  Mills,  Pennsylvania  and 
other  locations  through  the 
U.S.).  Assist  in  defining  and  de¬ 
livering  the  technical  architec¬ 
ture  for  client  projects  and  inte¬ 
grating  solutions  from  UNIX  and 
Windows  2000/NT  platforms  us¬ 
ing  Enterprise  Application  Inte¬ 
gration  tools  and  web  services 
solutions.  Design  custom  and 
package  technology  enabled 
business  solutions  using  Java. 
Develop  Enterprise  Application 
Integration  (EAI)  best  practices 
for  client  implementation  pro¬ 
jects  based  on  industry  stand¬ 
ards.  Map  clients'  business  pro¬ 
cesses,  organization  and  tech¬ 
nology  to  the  new  technology 
solutions  and  identify  gaps.  Cre¬ 
ate  designs  for  complex  techni¬ 
cal  requirements  including  gap 
analysis,  infrastructure,  interfac¬ 
es,  reports,  enhancements,  and/ 
or  conversions.  Assist  in  defin¬ 
ing  systems  strategy  and  imple¬ 
mentation  work  plans.  Partici¬ 
pate  in  a  system  integration  pro¬ 
ject  engagement.  Participate  in 
code  development  within  sub¬ 
teams  and  assist  in  the  develop¬ 
ment  of  complex  EAI  and/or  web 
services  modules.  The  wage  of¬ 
fered  is  $75,000  per  year. 

The  work  schedule  is  Monday- 
Friday,  9:00  am  to  5:00  pm.  The 
minimum  requirements  are  as 
follows:  Bachelor's  degree  in 
Computer  Science,  Math,  Engin¬ 
eering  (any),  Information  Syst¬ 
ems  or  Business  Administration 
+  1  year  of  experience  in  the  job 
offered  or  1  year  of  experience 
as  a  Senior  Consultant,  Consult¬ 
ant,  Systems  Analyst  or  related 
occupation.  Related  experience 
must  include  Java,  Windows 
NT/2000,  Enterprise  Application 
Integration  (EAI)  Tools  and 
UNIX. 

Please  send  your  resume,  refer¬ 
encing  Job  Order  Number 
WEB452286  to  the:  PA  Career- 
link,  FLC  Unit,  235  W.  Chelten 
Avenue,  Philadelphia,  PA 
19144.  EOE 


Technical  Support  Analyst 

Experience:  Minimum  3  years 
recent  experience  in  a  similar 
position 

PCS  has  an  opening  for  a 
Technical  Support  Analyst  based 
in  Chicago,  Illinois.  The  selected 
candidate  must  have  a  minimum 
of  a  bachelors  degree  in  Elec¬ 
tronics  or  Management  Informa¬ 
tion  Systems  or  Computer  Sci¬ 
ence  or  Computer  related  field 
or  equivalent.  A  minimum  of  3 
years  of  recent  experience  in  a 
similar  position  is  required. 

Job  Description:  The  job  re¬ 
quires  the  employee  to  possess 
a  minimum  of  3  years  recent 
work  experience  in  a  similar  po¬ 
sition.  Prior  experience  with  de¬ 
signing  and  implementing  solu¬ 
tions  for  extending  systems 
management  capabilities  of  CA- 
Unicenter  TNG  for  different 
types  of  non-IT  devices  is  man¬ 
datory.  Must  possess  work  ex¬ 
perience  using  Wireless  Devices 
(Vast,  Opto22,  Ion  Networks, 
Badger  and  Nokia)  and  integra¬ 
tion  of  these  devices  with  CA- 
UnicenterTNG.  Prior  experience 
implementing  CA-Unicenter 
TNG  and  related  suites  of  Enter¬ 
prise  Systems  Management 
products  and  software  required. 

Additional  work  responsibilities 
involve  performing  systems  sup¬ 
port,  computer  operating  sys¬ 
tems  configuration,  perform  sys¬ 
tems  support  and  configure 
TCP/IP  and  computer  networks, 
Require  prior  work  experience 
working  on  Windows,  win- 
dows2000  server,  Windows 
2000  advanced  server.  Linux, 
Novell  platform  routers,  gate¬ 
ways,  LANS/WANS  and  fire¬ 
walls.  Responsib'e  for  in-house 
systems  administration,  network 
management,  e-mail  manage¬ 
ment,  LAN,  VPN,  remote  access 
management  and  providing  for 
in-house  users  and  external 
clients 

The  job  responsibility  requires 
travel  as  required.  Please  send 
your  resume  and  cover  letter  to: 
Human  Resources,  Profession¬ 
al  Consulting  Services,  Inc., 
1415  North  Dayton.  #3S, 
Chicago,  IL  60622. 
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IT  PROFESSIONALS 
Manager 

(Glen  Mills,  PA  and  other  locations  throughout  the  United  States).  Design 
and  implement  custom  technology  enabled  business  solutions  for  clients 
within  the  Financial  Services  industry  with  a  concentration  on  capital  mar¬ 
kets  and  brokerage  operations.  Responsible  for  managing  part  of  large, 
complex  system  integration  projects,  defining  systems  strategy,  program¬ 
ming,  and  developing  system  requirements  throughout  the  software  de¬ 
velopment  life  cycle  for  leading  financial  services  entities.  Implement  mid¬ 
dleware  solutions  to  enable  Straight  Through  Processing  within  capital 
markets  and  enable  clients  to  mix  packaged  applications,  custom  soft¬ 
ware,  and  legacy  software  for  use  across  internal  and  external  networks 
using  TIBCO  Message  Broker  and  IBM  MQ  Series  products  with  relation¬ 
al  databases  including  Oracle  database.  Implement  TIBCO  Rendezvous 
to  provide  a  high-performance,  scalable  platform  for  e-business  infra¬ 
structures,  enable  the  creation  of  robust  event-driven  applications  and 
ensure  minimal  integration-driven  traffic.  Utilize  Java  to  build  the  inbound 
and  outbound  connection  mechanism  for  messaging  solution.  Determine 
and  resolve  troubleshoot  issues  during  production  support  with  utilities 
built  using  C,  Java  and  SQL  queries.  Implement  systems  integration  of 
client  server  applications  and  apply  solution  specific  methodologies  to 
ensure  that  the  delivery  and  implementation  of  software  solutions  meets 
client  requirements  and  industry  standards. 

$101, 200/year.  Mon-Fri  9:00am-5:00pm.  The  minimum  requirements  are 
as  follows:  Bachelor's  degree  or  equivalent  in  Engineering  (any),  Comput¬ 
er  Science,  Mathematics,  Information  Systems  or  Business  Administra¬ 
tion  plus  5  years  of  experience  in  the  job  offered  or  5  years  of  experience 
as  a  Manager,  Software  Engineer,  Consultant,  Senior  Consultant  or 
Intern.  Employer  will  regard  a  foreign  degree  to  be  equivalent  to  a  U.S. 
Bachelor's  degree  as  determined  by  an  accredited  credentials  evaluation 
service.  Related  experience  must  include  1  year  of  consulting  to  leading 
financial  services  entities,  utilizing  relational  databases  (i.e.  Oracle),  pro¬ 
gramming,  TIBCO  Message  Broker,  TIBCO  Rendezvous,  and  IBM  MQ 
Series  product. 

Please  send  your  resume,  referencing  Job  Order  Number  WEB452291  to 
the:  PA  CareerLink,  FLC  Unit,  235  W.  Chelten  Avenue,  Philadelphia,  PA 
19144.  EOE. 


First  Consulting  Group  is  a  lead¬ 
ing  provider  of  information 
based  consulting,  integration, 
and  management  services  to 
healthcare,  health  plan,  pharma¬ 
ceutical  and  other  life  sciences 
organizations  in  North  America 
and  Europe.  We  are  currently 
seeking  a  Technical  Master  II  - 
Data  Architect. 

Technical  Master  II  -  Data 
Architect  (Atlanta,  GA)  Build 
matrices  for  data  collection  and 
data  analysis  for  making  high 
level,  complex  business  deci¬ 
sions.  Develop  conceptual  and 
data  models  utilized  to  store, 
organize  and  analyze  data  in 
large  volumes.  Responsible  for 
database  configuration,  set-up, 
database  back-up  and  recovery. 
Coordinate  and  install  database 
patches,  monitor  database  per¬ 
formance,  resolve  data  manage¬ 
ment  issues  and  problem  reso¬ 
lution.  Administer  database 
security,  diagnose  problems  and 
implement  corrective  actions. 
Write  financial  reports  for  cus¬ 
tomers  and  will  oversee  a  team 
of  subordinate  specialists. 
Require:  Bachelor's  degree  or 
foreign  degree  equivalent  in 
Computer  Science,  or  a  closely 
related  field,  plus  3  years  of 
experience  in  the  job  offered  or 
in  Software/Network  design  and 
development.  Must  also  include 
3  years  of  experience  using 
ORACLE. 

Send  resume  to: 
recruiter@fcg.com  (preferred)  or 
DP-Human  Resources,  First 
Consulting  Group,  Inc.,  Ill  W 
Ocean  Blvd,  4th  Floor,  Long 
Beach,  CA  90802  (No  Phone 
Calls  Please). 


Comp.  Prog,  for  coding,  s/w  dev. 
life  cycle,  concept,  d/zn,  test, 
budget  of  tech,  solns.  w /  empha¬ 
sis  on  O/A.  D/zn,  doc.,  &  impl. 
s/w  tools  that  facilitate  dev  of 
client  solns  per  req.  specs. 
Develop  mobile  appins.  w/ 
Agentry,  J2ME,  .NET.  iCon- 
verse,  iAnywhere.  Develop  s/w 
for  the  Pocket  PC  platform  in 
Oracle,  SQL,  CMMS/EAM, 
Indus  EMPAC,  &  Indus  InsiteEE 
Evaluate  feasibility  of  d/zn  w/in 
time  &  cost.  Consult  with  h/ware 
eng.  &  other  staff  to  interfac  b/w 
h/ware  &  s/ware,  &  opeml/  perf. 
Req.  of  system.  Use  scientific 
analysis  &  math,  models  to  pre¬ 
dict  outcomes  of  d/zn.  Develop 
&  direct  s/w  sys.  Test.  Procs., 
program.,  and  docum.  Install/ 
Maintain  s/w  sys.  Comp,  salary. 
BS  in  Comp.  Sci.  or  Math.  +  2  yr. 
exp.  in  job  duties  OR  5  yrs.  exp. 
in  SDLC.  Apply:  Ventureforth  - 
Job  Code  FA,  1835  Savoy  Drive, 
#216,  Atlanta,  GA  30341  w/ 
proof  of  perm,  w/k  authzn. 


IT  consulting  firm  located  in 
Vermont  has  multiple  openings 
for  IT  professionals  to  serve 
multiple  clients  throughout  the 
U.S.  Job  duties  include: 
Analysis,  design,  development 
and  testing  of  computer  applica¬ 
tions.  Specific  skill  sets  needed 
include: 

•  Mainframe  developers  with 
experience  in  COBOL,  CICS, 
DB2,  FOCUS,  ADABAS,  & 
Natural 

■  .Net  developers 

•  Java/J2EE  developers 

•  Peoplesoft  Developers 

•  Cognos  Developers 

•  Windows/Unix  Administrators 

•  Ablnitio/Business  Objects 
Developers 

•  Web-based  &  content  based 
developer  working  with  ECM, 
WDK,  DFC,  Applications 
Builder,  &  Workflow  Manager 

•  Client  server  developer  with 
C,  C++,  Java,  XML,  Solaris,  & 
Intranet 

•  QA  Testers 

•  ERP  Consultants  - 
Oracle/Peoplesoft/SAP 

All  positions  require  a  B.S. 
degree  in  computer  science, 
math,  engineering,  or  business. 
Some  senior  level  positions 
available.  Competitive  salary  is 
offered.  Experience  required 
varies  from  1-5  yrs.  exp.  in  skills 
identified  above.  Send  resumes 
with  salary  requirement  to: 
vt@iTechUS.com  Applicants 
must  have  authority  to  work  per¬ 
manently  in  the  U.S. 


Software  Engineer  sought  by  IT 
solutions  company  in  Broom¬ 
field,  CO  to  work  in  Broomfield 
and  other  unanticipated  job  sites 
in  the  U.S.  Engage  in  systems 
analysis,  design,  development 
and  implementation  of  Lotus 
Notes  and  Domino  database 
projects  using  Lotus  Script  and 
Formula  language,  HTML,  JAVA 
Script,  Visual  BASIC  Script  and 
ActiveServer  Pages.  Requires 
bachelor's  or  foreign  equivalent 
in  electronics  engineering  or  a 
related  field;  1  yr  exp  performing 
the  core  duties  and  using  the 
technologies  above;  must  have 
following  certifications  from  Lo¬ 
tus  1)Developing  Domino  Appli- 
ca-tions  for  the  Web,  2)Lotus 
Script  in  Notes  for  Advanced 
Developers,  3)Domino  R5  Appli¬ 
cation  Development  Update.  M- 
F,  8am-5pm;  $75,629/yr.  Re¬ 
spond  by  resume  to  Employ¬ 
ment  Programs,  PO  Box  46547, 
Denver,  CO  80202  and  respond 
to  JON  C05090512. 


Software  Engineer  -  Analy¬ 
sis,  design  &  devel  of  comp 
sftwr  for  ERP  (Enterprise 
Resource  Planning)  app 
using  SQL,  PL/SQL,  VB, 
JAVA,  CASE  (Computer 
Aided  Sftwr  Engg)  tools  & 
Oracle.  Hrs:  8am-4:30PM 
(40  hrs/wk).  Master's  degree 
req'd  w/major  field  of  study; 
Busn,  Comp  Sci  or  Comp 
Engg.  Min  2  yrs  exp.  Send 
resume  to:  Uday  Nene, 
Horizon  Companies,  Inc, 
2025  Lincoln  Hwy,  Ste  322, 
Edison,  NJ  08817. 


Sr.  DBA  wanted  by  Franklin 
Credit  Management  Corp.  in 
Jersey  City,  NJ.  Requires  MS  in 
comp  sci  or  related  field  w/min  5 
yrs  Microsoft  SQL  Server  db 
program/admin  exp.  Extensive 
exp  in  all  phases  of  db  admin, 
incl  install,  config,  physical  & 
logical  database  design,  perfor¬ 
mance  tuning,  writing  stored 
procedures  &  triggers,  security, 
troubleshooting  &  managing 
backup  &  recovery  plans.  Gen¬ 
erate  various  reports  using 
Excel,  Crystal  Report  /  Business 
Object.  Call  center  exp  req'd. 
Must  be  Certified  Microsoft  DBA 
(MCDBA).  Email  resume  to 
resume@franklincredit.com. 


Sr.  S/Ware  Developer  (CCNA) 
needed  to  install,  configure  & 
operate  LAN/WAN,  dial  access 
services;  configure  &  operate  IP, 
IGRP,  OSPF,  EIGRP,  Serial, 
Frame  Relay,  IP  RIP,  VLANs, 
RIP,  Ethernet,  Access  Lists  on 
Cisco  routers  &  multilayer 
switches;  dsgn,  dvlp,  test  & 
implmt  various  systms  &  web 
appls  using  C/C++,  C#,  Java, 
XML,  CORBA,  Oracle,  Informix, 
SNMP,  CMIP,  TLI,  ATM,  Sonet, 
DLS,  IP-VPN,  Frame-Relay, 
Unix,  AccessVision,  AdventNet, 
DSET,  Purify,  ClearCase,  DDTS, 
CVS  &  HP  Openview.  Resume 
to'  Global  Consultants,  8800 
Grand  Oak  Circle,  #100,  Tampa, 
FL  33637. 


Software  Developer.  Under  sen¬ 
ior  supervision,  analyze,  design, 
implement  and  maintain  soft¬ 
ware  for  banks  in  mortgage  in¬ 
dustry  including  consulting  w / 
financial  projects;  design  and 
model  databases  on  database 
servers;  and  develop  new  soft¬ 
ware  not  currently  existing  in  the 
industry.  Must  have  Bachelor’s 
degree  in  Computer  Science, 
MIS  or  related,  1  year  experi¬ 
ence  in  job  offered  or  Software 
Engineer  or  related,  and  experi¬ 
ence  must  include  working  with 
Java,  Eclipse,  XML,  SWT/Jface, 
UML  and  Rational  Rose.  Send 
resume  to  Praxis  Technology 
Group,  LLC,  Attn:  Mark  Loomis, 
1500  NW  118th  St.,  Des  Moines, 
IA  50325. 


Software  Engineer  (3  Openings) 
BA  in  Computer  Sci,  Electrical/ 
Electronics  Engg,  Math  or  Phys¬ 
ics  &  3  yrs  exp  reqd.  (mult,  pos.) 
Must've  verif.  refs.  &  be  able  to 
work  wknds,  hldys  &  OT  on 
short  ntc.  Design,  code  &  imple¬ 
ment  ProTech  software  solutions 
involving  use  of  proprietary  tools 
such  as  MSE  eDeveloper/ 
Magic,  as  well  as  Visual  Basic, 
ASP,  SQL,  HTML,  jScript  & 
XML.  FT.  Job  in  Fargo.  Proof  of 
right  to  work  perm,  in  US  reqd. 
Send  a  copy  of  resume  w/salary 
reqd  to  Mr.  Steve  Janoskie, 
General  Mgr,  ProTech,  14900 
Sweitzer  Lane,  Ste  201,  Laurel, 
MD  20707,  or  via  email  at 
sj@ptassoc.com. 


e-lite  companies 
e-merging  companies 
e-ssential  companies 

e-normous 

opportunities 
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Programmer  Analyst  to  con¬ 
sult  on  project  assignments. 
Requires  programming  back¬ 
ground  in  document  imaging 
and  workflow  systems.  Job  is 
based  in  Cleveland  with 
domestic  and  international 
project  assignments.  Send 
resume  to  Boundless  Flight, 
Inc.,  11700  Point  Overlook 
Place,  Strongsville,  OH 
44136,  Attn:  HR  Manager. 
Must  reference  job  code 
#PA4.  EOE. 


Premier  Technologies,  Inc. 

Programmer  Analysts:  Design 
and  develop  in  PeopleSoft  8.x 
HRMS  including  PeopleTools, 
App  Engine,  Component  Inter¬ 
faces,  workflow,  security,  sqrs, 
DB2,  SQL  Server,  Oracle,  UNIX 
and  NT.  Develop  programs  us¬ 
ing  Java,  ASP,  XML,  JavaScript, 
VB  Script  and  Plumtree  portal. 
Req.  Bachelor's  in  Comp.  Sci¬ 
ence  or  related  and  2  yrs  of  exp. 
Send  Resume  to:  Premier 
Technologies,  Inc.,  12808  West 
Airport  Blvd.  Suite  #  230  Sugar 
Land,  TX  77478.  E-mail: 
hrd@premierna.com. 


itcareers.com 
can  solve  the 
labyrinth  of 
job  hunting  by 
matching  the 
right  IT  skills 
with  the  right 
IT  position. 
Find  out  more 

at: 

www.itcareers.com 
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Network  Infrastructure  Security 
Engineer:  (Job  Order  Number 
NC2651479,  and  DOT  Code 
033.162-010).  Will  analyze,  de¬ 
sign,  plan,  test  and  implement 
Network  Infrastructure  architec¬ 
tures  for  base  of  service  pro¬ 
viders  and  enterprise  clients. 
Will  develop  unique  and  cus¬ 
tomized  software  solutions  using 
a  variety  of  programming  lan¬ 
guages.  Will  design  and  imple¬ 
ment  networks  with  switches, 
routers,  hubs,  access  devices 
using  a  variety  of  network  proto¬ 
cols  including,  but  not  limited  to 
TCP/IP,  BGP,  OSPF.  Will  define 
risk  management  strategies  and 
develop  corresponding  corpo¬ 
rate  security  policies  and  proce¬ 
dures.  Requirements:  B.S.  (or 
equiv)  in  CS,  MIS,  or  closely 
related  field  and  five  (5)  years  of 
experience  in  the  job  offered  or 
five  (5)  years  experience  in  the 
related  occupation  of  Network/ 
System  Engineering  or  Analysis. 
Also,  demonstrated  experience 
in  the  following:  (1)  Configuring 
and  implementing  Cisco  routers 
up  to  7500  series  utilizing  at 
least  four  of  the  following  tech¬ 
nologies:  ATM,  SNA,  DEC,  BGP. 
OSPF,  EIGRP  protocols;  (2) 
Policy  &  firewalls  for  security 
including  use  of  at  least  2  of  the 
following  vendors:  Pix,  Nokia, 
Checkpoint;  and  (3)  Monitoring 
9000+  node  network  using  HP 
Openview  and  an  ability  to  cus¬ 
tomize  monitoring  tools  using 
the  following  technologies: 
Tmip,  Foxpro,  Vbscript.  Offered 
salary  is  $85, 000/year  for  full¬ 
time  employment  (min.  40  hours 
per  week)  and  standard  compa¬ 
ny  benefits.  EEO.  To  apply 
please  visit  the  nearest  Employ¬ 
ment  Security  Commission  of 
North  Carolina  office  or  submit  2 
resumes  which  include  appli¬ 
cant's  Social  Security  Number  to 
Employment  Security  Commis¬ 
sion,  500  W.  Trade  Street, 
Charlotte,  NC  28202. 


Computer  Professionals,  Mid 
&  Senior  level  -  needed  for 
Portland,  ME  office.  MS/BS  or 
equiv.  and/or  relevant  work 
exp.  req.  Duties  included: 
Design,  develop,  program, 
test,  code  &  debug  computer 
applications.  Experience  with 
the  following  skills  is  prefer¬ 
red:  Unix,  Oracle  11i,  CRM, 
PeopleSoft  technologies, 
SAP,  PL/SQL,  TOAD,  Perl, 
Linux,  Solaris,  &  ERP.  Send 
resume,  ref.  &  sal.  req.  to 
Atten:  SR,  Cyber  Resource 
Group,  477  Congress  St.,  5th 
Floor,  Portland,  ME  04101. 


PROGRAMMER  ANALYSTS 
for  Chicago,  IL  office.  Develop 
&  maintain  software  applica¬ 
tions  using  Orbix,  J2EE,  MKS, 
C,  C++,  Java,  Interwoven, 
Coolgen,  Metrica,  Netrac,  Tux¬ 
edo,  Tango,  Eclipse,  CORBA, 
RMI,  RUP.  Bachelors  or  Equi¬ 
valent  Degree  reqrd  in  Com¬ 
puters,  Engineering  or  related 
field  +  2yrs  of  related  exp.  40 
hrs/wk;  Must  have  legal 
authority  to  work  permanently 
in  the  U.S.  Send  resume  to  HR 
Manager,  Infobahn  Softworld, 
Inc.,  10  South  Riverside  Plaza, 
Ste.  1800,  Chicago,  IL  60606. 


PROGRAMMER  ANALYSTS 
for  Overiand  Park,  KS  office. 
Develop  &  maintain  software 
applications  using  Orbix, 
J2EE,  MKS,  Rational  Rose, 
Interwoven,  Coolgen,  Clear- 
Case,  ClearQuest,  Rapidigm, 
Tuxedo,  Tango,  Eclipse, 
CORBA,  RMI,  RUP.  Bachelors 
Degree  reqrd  in  Computers, 
Engineering  or  related  filed  + 
2yrs  of  related  exp.  40  hrs/wk; 
Must  have  legal  authority  to 
work  permanently  in  the  U.S. 
Send  resume  to  HR  Manager, 
Bradford  &  Galt,  Inc.,  9200 
Indian  Creek  Pky,  Ste  570, 
Overland  Park,  KS  66210. 


First  Consulting  Group  is  a  lead¬ 
ing  provider  of  information  bas¬ 
ed  consulting,  integration,  and 
management  services  to  health¬ 
care,  health  plan,  pharmaceuti¬ 
cal  and  other  life  sciences  orga¬ 
nizations  in  North  America  and 
Europe.  We  are  currently  seek¬ 
ing  a  Business  Systems  Analyst. 

SENIOR  BUSINESS  ANALYST 
Organize  and  lead  design  teams 
to  review  and  customize  system 
content.  Lead  site  preparation 
activities  to  identify  and  meet 
electrical  and  cabling  needs. 
Write  specification  for  software 
configuration  changes  using 
Cerner  Command  Language 
and  SQL.  Assist  programmers  in 
making  programming  changes 
and  assisting  in  the  develop¬ 
ment  and  maintenance  of  scrup¬ 
ulous  change  management  rec¬ 
ords.  Manage  specification  and 
testing  process  for  ADT  (Admit, 
Discharges,  Transfers)  and  lab¬ 
oratory  system  interfaces.  Dev¬ 
elop  training  manuals,  establish 
training  schedules  and  conduct 
multidisciplinary  training  class¬ 
es.  Provide  on  the  spot  training 
for  physicians.  Manage  and  sup¬ 
port  the  clinical  system  day  to 
day  to  insure  optimal  perfor¬ 
mance  for  end  users.  Plan,  man¬ 
age  and  test  the  clinical  system 
upgrade  through  two  release 
levels.  Modify  codes  in  order  to 
customize  the  application  ac¬ 
cording  to  each  user  preference. 
Requirements:  Bach,  degree  in 
Computer  Science,  Business 
Administration  or  a  closely  relat¬ 
ed  field,  with  4  yrs.  of  exp.  in  the 
job  offered  or  as  a  Systems  An¬ 
alyst.  Experience  must  include  4 
years  of  experience  with  Cerner 
software. 

Send  resume  to: 
recruiter@fcg.com  (preferred)  or 
DP-Human  Resources,  First 
Consulting  Group,  Inc.,  Ill  W 
Ocean  Blvd,  4th  Floor,  Long 
Beach,  CA  90802  (No  Phone 
Calls  Please). 


IT  Systems  Engineer:  Assist  in 
providing  systems  engine  sup¬ 
port  &  ensure  availability  of 
midrange  Unix  based.  NT.  & 
Data  comm  HW  platforms  & 
enviros  using  C,  C++,  COBOL, 
Shell,  VB,  Java,  &  Pascal  prog 
languages.  Assist  in  problem 
identification  &  resolution,  ben¬ 
chmarking,  monitoring,  analyz¬ 
ing,  vendor  management,  docu¬ 
menting  probs,  &  client  inter¬ 
face.  Provide  tech  support  rele¬ 
vant  to  Midrange  &  Data  Comm 
HW  enviros  using  knowledge  of 
HTML,  ManageX,  IIS,  WTS, 
SQL,  Citrix,  Cisco,  TCP/IP  net¬ 
work,  &  Cold  Fusion  network 
admin  tools  &  UNIX  O/S,  IT/O,  & 
NT  op  systems.  This  is  an  entry- 
level  systems  engin  position 
working  under  close  supervision 
of  the  IT  Manager.  BS  Comp 
Sci,  Eng,  or  related  &  1  yr  exp  as 
System  Admin,  IT  Specialist, 
Assoc.  Systems  Eng.  Working 
&/or  theoretical  knowledge  of:  C, 
C++,  COBOL,  Shell  Prog,  VB. 
Java,  &  Pascal  prog  languages; 
HTML.  ManageX,  IIS,  WTS. 
SQL,  Citrix,  Cisco,  TCP/IP,  & 
Cold  Fusion  network  admin 
tools;  UNIX  O/S,  IT/O,  &  Win  NT 
op  systems.  $55,500/yr.  M-F.  40 
hrs/wk.  Denver,  CO.  Must  have 
proof  of  legal  authority  to  work 
permanently  in  U.S.  Application 
by  resume  only  to  Workforce 
Development  Programs,  PO 
Box  46547,  Denver,  CO  80202. 
Ref  job  #005090571. 


Application  Developers/Soft¬ 
ware  Engineers  needed.  Seek¬ 
ing  candidates  possessing  BS 
or  equivalent  and/or  relevant 
work  experience.  Part  of  the 
req.  rel.  work  exp.  must  include 
1  year  working  with  SQL  Ser¬ 
ver,  ASP  and  XML.  Duties  in¬ 
clude:  Write  technical  function¬ 
al  specs;  design  software; 
develop  apps;  gather  require¬ 
ments;  Work  with  the  following: 
C++,  XML,  ASP,  SQL  Server, 
Web  Services  and  IIS.  Mail 
resume,  references  and  salary 
requirements  to:  Aureex  Corp¬ 
oration,  2018  156th  Street,  NE 
#100,  Bellevue,  WA  98007. 


Manhattan  Associates,  Inc.,  a 
worldwide  leader  in  supply  chain 
execution  systems  is  looking  for 
IT  professionals  to  join  our  team 
at  our  Atlanta,  GA,  Burlington, 
MA,  &  Mtn.  View  CA.  locations. 
All  positions  require  BS  or  MS 
degrees  in  a  technical  field 
unless  otherwise  noted. 
Technical  Consultants.  Res¬ 
ponsible  for  sys  analysis,  des¬ 
ign,  develop,  config  &  implement 
of  end-to-end  proj.  for  clients 
using  Co.  prod  &  dev.  methods, 
3rd  party  prod.  (ERP.OMS)  w / 
specialized  knowledge  of  Supply 
Chain  Industry  (Planning  &  Exe¬ 
cution)  including  mgnt  of  imple¬ 
ments,  resources,  deliverables, 
client  relationships,  &  issue  res¬ 
olution  for  all  level  of  accts.  Use: 
OOD,  C++,  Oracle,  SQL,  Java, 
Javascript,  J2EE,  Perl,  Visual 
Basic,  Servlets,  JSP,  HTML, 
XML,  Web  Services,  IBM  Web¬ 
sphere,  WebMethods,  MQ-Ser- 
ies,  or  Unix  Sr  App.  Architect 
Design  bus.  processes  for  dis¬ 
tributed  order  mgnt  sys  using 
large-scale  commercial  app  de¬ 
velop.  Arch,  design  &  implement 
server-side  modules,  create  & 
maintain  design  docs.  Design 
tools  for  rapid  app  develop  using 
OOD/OOA  skills  with  Java, 
J2EE,  EJB,  Oracle,  XML,  XSL, 
XSLT,  Jboss,  BEA  Weblogic,  or 
IBM  Websphere.  Project  Mgr. 
Plan,  organize,  &  control  assign¬ 
ed  prod,  lines  from  conceptual 
states-product  life  cycles  to 
meet  mktg,  financ.  &  corporate 
growth  obj.  using  Biztalk.  SQL, 
MSMQ,  IIS.  Knowledge  of  inter¬ 
net  security  (eg  firewalls,  DMZs 
&  Digital  Server).  Crystal  Re¬ 
ports,  Supply  chain  sys  integra¬ 
tion  &  architecture  using  EIS 
tools  (SeeBeyond,  WebMeth¬ 
ods,  etc).  Analysts/Developers 
with  the  following  tech:  N-Tier 
C++,  VB,  VC++,  EJB,  COM, 
C++,  C#,  &  VC#  for  developing 
large-scale  software  applica¬ 
tions. 

Ops  Research  Analyst.  Analy¬ 
ze  complex  mgmt  info  req.  for 
transportation/logistics  optimiza¬ 
tion-based  decision  support  sys; 
incorporate  math  &  computer 
models  &  other  analytical  ap¬ 
proaches  to  deliver  research 
based  algorithmic/heuristic  solu¬ 
tions  for  re-engineering  into  pro¬ 
duction-ready  engines  &  incorp 
into  existing  software  apps.  Req: 
PhD  in  operational  research, 
transpo  or  Transpo  Sys  Engg  or 
logistics  optimization. 

Resumes  to:  J.  Lurey,  Manhat¬ 
tan  Associates,  2300  Windy 
Ridge  Pkwy,  7th  FI.  N,  Atlanta, 
GA  30339. 


Software  Quality 
Assurance  Engineer 

PCTEL  Inc.  a  global  leader  in 
simplifying  mobility  seeks  an 
experienced  Software  Quality 
Assurance  Engineer  to  evaluate 
and  test  computer  software  sys¬ 
tems  according  to  specifications 
and  standards.  Will  develop  and 
write  test  scripts,  initiate  the  test 
and  analyze  end  results.  Will 
perform  testing  of  wireless 
mobility  solutions  products,  write 
and  execute  test  plans,  test 
cases  and  scripts.  Develops 
new  test  strategies,  improve 
processes  for  incident  handling, 
test  development,  automated 
testing,  and  release  control. 
Develop  and  maintain  detailed 
test  plans  of  each  product  line  in 
test.  Reviews  functional  specifi¬ 
cations  and  design  documents 
for  accuracy,  testability,  and  to 
test  customer  usage  scenarios. 
Requires,  min.  of  two  years  pro¬ 
duct  exper.  with  Windows  98/ME 
/2000/XP;  MS  Office;  MS  SQL 
Server;  Pocket  PC;  Extensive 
knowledge  of  802.11  A/B/G; 
Working  knowledge  of  GPRS, 
UMTS  and  CDMA,  a  B.S.  de¬ 
gree  in  Computer  Science  or 
equivalent  and  a  min.of  two 
years  exper.  in  the  job  offered. 
Requires  travel  to  Eastern 
Europe  approx.  20%  of  the  year. 
Candidate  must  be  legally  eligi¬ 
ble  to  work  in  the  U.S.  for  any 
employer. 

Send  resume  directly  to: 
iobs@octel.com.  Please  include 
Job  code  500  QA  Engineer  in 
the  subject  line.  Or  mail  directly 
to:  HR  Dept.,  PCTEL,  Inc.  8725 
W.  Higgins  Rd.  Suite  400, 
Chicago,  II  60631.  PCTEL  Inc.  is 
an  equal  opportunity  employer. 


it  careers 


FIND  SOMETHING  BETTER. 


Technology  is  hot  again.  Is  your  career?  NOW  is  the  time  to  explore 
new  opportunities. 


Visit  Dice.com  to  find  a  better  job  with  better  pay.  Check  your  salary. 
Compare  your  skills.  Search  over  50,000  tech  jobs  from  leading 
companies  and  choose  to  have  new  jobs  emailed  to  you  daily. 

IT'S  TIME  for  something  better. 

Visit  Dice.com  today. 

Look  to  the  tech  leader  first.  ™ 


SENIOR  INTEGRATION  DEV¬ 
ELOPER  to  provide  on-site  con¬ 
sulting  in  analysis,  design, 
development,  testing  and  imple¬ 
mentation  of  business  to  busi¬ 
ness  and  cross-platform  integra¬ 
tions  of  applications,  EDI  to  sup¬ 
port  enterprise  applications 
using  WebMethods  integration 
tools,  J2EE,  SAP  R/3,  CORBA, 
Oracle,  Java,  JavaScript,  Cl 
C++,  C#  and  SQL.  Require: 
B.S.  in  Computer  Science  and 
four  years  experience  in  the  job 
offered  or  as  Web  Developer/ 
Technical  Consultant  (M.S.  with 
two  years  experience  may  be 
substituted  for  B.S.  and  four 
years  experience).  40%  travel  to 
client  sites  within  the  United 
States  required.  Competitive 
salary  and  benefits,  40 
hours/week,  8  am  to  5  pm,  M-F. 
Mail  resume  to:  Vice  President, 
Frontline  Consulting  Services, 
Inc.,  8701  Mallard  Creek  Road, 
Charlotte.  NC  28262. 


Programmer/Analyst  -  Plan, 
develop,  test,  implement  & 
document  computer  software 
for  ERP  (Enterprise  Resource 
Planning)  applications  using 
Oracle  11,  Ili&BAAN  ERP  in 
Unix  (Conceptual  Knowledge) 
&  Java.  Bachelor's  degree; 
Engg  major.  40  hrs/wk.  8am- 
4:30-pm.  2  yrs  exp.  Send 
resume  to:  Uday  Nene,  Mgr 
Employee  Relations,  Horizon 
Companies,  Inc.  2025  Lincoln 
Hwy,  Ste  322,  Edison,  NJ 
08817. 


Intercall,  Inc.  has  five  openings 
for  Software  Engineers  to  lead 
teams  to  design,  develop  prod¬ 
ucts  for  the  telecom  industry 
using  VB,  Power  Builder, 
Developer  2000,  Seagate 
Crystal,  Java,  XML,  HTML, 
OOP,  OOD,  Oracle,  Sybase, 
system  architecture  and  pro¬ 
gramming  on  Unix,  Windows  NT 
platforms;  analyze  business 
processes  to  determine  require¬ 
ments  which  conform  to  overall 
strategic  plan  and  provide  oper¬ 
ations  support;  train  end  users 
and  team  members.  Require  MS 
(or  foreign  equiv)  in  CS/ 
Engineering  (any  branch)/  relat¬ 
ed  field  &  1  yr  exp  in  IT  or  BS  (or 
foreign  equiv)  in  one  of  the 
above  fields  with  3  yrs  exp  in  IT. 
F/T.  Competitive  salary.  Travel 
involved.  Resumes  to  HR, 
Intercall,  Inc.,  1211  O.G.  Skinner 
Drive,  West  Point,  GA31833. 
Please  refer  Job  ICI0904 


Cyber  Technology  Group,  Port¬ 
land,  Maine  needs  experienced 
Programmer  Analysts  having  a 
Bachelors  degree/diploma  with 
minimum  two  years  of  progres¬ 
sive  work  experience  in  Power 
Builder  (v  8.0  )  with  PFC,  Oracle 
8.0  ,  C,  Sybase,  SQL  Navigator, 
MS  SQL  Server  6. 5/7.0  databas¬ 
es,  Visual  Basic  and  Java  using 
Microsoft  Project,  Power  Des¬ 
igner,  AppModeler  and  Erwin 
3.x.  Competitive  salary  and  ben¬ 
efits.  M-F,  40  hrs/week.  Please 
mail  your  resume  to  Cyber 
Technology  Group,  HR  Dept, 
480  Congress  Street,  Ground 
Floor,  Portland,  Maine  04101. 


SOFTWARE  ENGINEERS  - 
APPLICATION  DEVELOPMENT 
Resp.  for  software  requirements 
specification;  system  architec¬ 
ture  design  &  analysis;  imple¬ 
mentation;  integration;  tech, 
writing;  code  reviews;  software 
configuration  management;  uti¬ 
lizing  skills  in  product  definition, 
analysis,  design  &  development, 
Microsoft  Application  develop¬ 
ment  technologies,  &  ATL  COM/ 
DCOM,  COM+.  Position  will 
involve  some  traveling.  Req's 
Bach.  deg.  or  for.  equiv.  in  Com¬ 
puter  Engineering  or  closely 
related  field  and  min.  of  1  yr. 
exp.  as  Software  Engineer. 
Send  resume  to  Faith  Smock, 
H.R.  Director,  Sagestone.  Inc., 
618  Kenmoor  Ave.  SE,  Ste.  200, 
Grand  Rapids.  Ml  49546 


Systems  Accountant 

Devises  and  develops  ac¬ 
counting  and  financial  sys¬ 
tem,  software  and  related 
procedures  for  clients.  Req. 
a  BS  or  foreign  equv.  de¬ 
gree  in  Accounting,  Comp. 
Sci.  or  Mathematics  and 
profi.  in  PL/SQL  and  core 
Oracle  Financials.  40hrs/ 
wk.  Send  resume  to  HR, 
Dinero  Solutions,  35  Tech¬ 
nology  Pkwy  South,  #170, 
Norcross,  GA  30092.  Fax: 
770-613-5205. 


Find  dependable  and  experienced 
IT  professionals  at: 
www.itcareers.com 
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New  York/New  Jersey 

Tom  Davis,  Associate  Publisher.  Eastern  Region 
Elisa  Della  Rocco,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  tdavis,  elisas,  ajoseph@nww.com 
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Northeast 

Elisa  Della  Rocco,  Regional  Sales  Manager 

Internet:  elisas@nww.com 
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Internet:  jdibian@nww.com 
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Eric  Danetz,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  edanetz,  ajoseph@nww.com 
(201)  634-2314/FAX:  (201)  712-9786 
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they  automatically  can  block  a  worm  before  it  is  even  given  a  name 
by  security  experts. 

WormScout,  an  appliance  that  guards  LAN  segments,  was  first 
used  at  Sirva  last  November,  and  now  24  of  these  worm-detecting 
and  blocking  appliances  have  been  installed  in  U.S.  offices, 
Kozenko  says. 

“Within  two  hours  of  putting  it  in,  it  alerted  us  to  unwanted  traffic 
on  the  network,”  he  says.  “It  was  worm  spyware  trying  to  travel 
around.”  WormScout  pinpointed  the  source  computer  inside  the 
company,  and  the  IT  department  cleaned  it  up. 

WormScout  works  by  preventing  an  infected  computer  from  con¬ 
necting  to  the  rest  of  the  network.  However,  because  false  positives 
could  cause  a  lot  of  disturbance  to  the  firm’s  thousands  of  employ¬ 
ees,  the  IT  department  moved  cautiously  in  deploying  it. 

“For  the  rollout,  we  had  WormScout  in  ‘listen’  mode,  then  ‘monitor’ 
mode,  then  we  went  to  blocking,”  Shmayel  says. 

There  have  been  a  few  problems  in  using  WormScout,  such  as  it 
thinking  an  application  was  somehow  behaving  like  a  worm,  and  it 
did  block  a  VPN  connection,  he  says.  But  these  glitches  were  not  too 
hard  to  iron  out,  he  adds. 

Sirva,  which  also  has  installed  ForeScout’s  perimeter  defense  appli¬ 
ance  ActiveScout  at  its  Internet  access  point  in  Cleveland,  has  found 
the  behavior-based  technology  a  reliable  search-and-destroy  method 
to  prevent  major  worm  infestations. 

Further  rollouts  of  the  ForeScout  worm-killers  are  targeted  for 
Sirva  s  European  and  Asia  offices  next  year.  The  company  so  far  has 
spent  about  $350,000  on  the  project. 

Another  step  Sirva  has  taken  to  crush  worms  and  viruses  is  to  use 
the  MessageLabs  content-filtering  services  to  filter  e-mail,  Shmayel 
says. 

Sirva  investigated  a  number  of  virus  and  worm  prevention  meth¬ 
ods,  including  Cisco’s  Security  Agent  and  the  Network  Admission 
Control  security  system  that’s  becoming  part  of  Cisco  routers  and 
switches.  But  Sirva  didn’t  want  to  pin  its  hopes  on  any  in-line  device 
that  could  fail  or  an  approach  that  required  agent  software,  Kozenko 
says. 

However,  the  company  has  no  intention  of  doing  away  with  the  line 
of  Cisco  firewalls  and  intrusion-detection  systems  (IDS)  it  uses  only 
because  the  ForeScout  worm  defense  is  being  fully  deployed. 

There’s  no  reason  to  get  rid  of  IDS  and  firewalls  because  they  offer 
multiple  layers  of  security  Shmayel  says. 

Kozenko  says  he  would  like  to  see  ForeScout  integrate  its  worm- 
defense  products  with  the  open  source  IDS  Snort  so  that  WormScout 
and  ActiveScout  might  provide  more  information  on  application- 
layer  attacks,  such  as  SQL  Injection. 

“The  ForeScout  forensics  are  very  good,  and  we  just  want  to  gath¬ 
er  more  information,”  he  says.  “It’s  like  having  a  global  early  warn¬ 
ing  system.”  ■ 
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submitted  to  Earth  Link’s  Web 
site;  from  computer  logs  that 
show  how  many  e-mails  users 
sends  out  at  once  (an  excessive 
amount  is  a  telltale  sign  of  spam¬ 
ming);  and  even  from  federal 
investigators,  in  the  case  of 
offenses  such  as  fraud  or  child 
pornography  His  job  is  to  con¬ 
tact  suspects  over  the  telephone, 
if  possible,  alert  them  to  the 
problem  and  determine  whether 
an  account  should  be  can¬ 
celled. 

Rush  has  spent  his  career 
working  for  ISPs,  originally  in  the 
technical  support  department  of 
now-defunct  SpryNet  in  his 
hometown  of  Seattle.  A  series  of 
company  acquisitions  landed 
him  at  EarthLink,  where  he’s 
been  for  two  years. 

“Network  abuse  has  always 
been  an  interest  of  mine,”  Rush 
says.  Unlike  his  brother,  a  cop  in 
a  small  Texas  town,  Rush  chose  a 
career  keeping  the  peace  on  the 
Internet.  At  31  years  old,  he  feels 
like  he’s  heard  it  all. 

The  customers  he  contacts 
come  up  with  all  sorts  of  re¬ 
sponses  when  told  of  a  com¬ 
plaint,  ranging  from  denying  the 
charge  to  claiming  entitlement. 
“You’ll  get  someone  who  says, ‘I 
have  a  constitutional  right  to  do 
what  I  want,”’  Rush  says.“Fine,  just 
not  on  our  network.” 

Sometimes  they  just  hang  up 
and  never  log  on  again. 

Spam  and  phishing  have  be¬ 
come  such  headaches  for  ISPs 
that  most  major  providers  have 
established  an  abuse  team  to 
monitor  users’  behavior.  With 
spam  accounting  for  as  much  as 
70%  of  the  traffic  on  the  Internet, 
ISPs  such  as  EarthLink  have 
begun  trying  to  take  control  by 
monitoring  the  email  flow  going 
out  of  their  networks  and  filter¬ 
ing  the  messages  coming  in. 

Often  suspected  spammers  are 
clueless  of  the  network  abuse 
they’re  committing.  Maybe  a  virus 
took  over  a  customer’s  PC  and 
secretly  started  blasting  spam,  or 
perhaps  a  computer-addicted 


Got  great  ideas 


■  Got  a  suggestion  for  a 
Wider  Net  story?  An  offbeat 
network  industry-related 
topic?  A  fascinating  personali¬ 
ty  we  should  profile?  Contact 
Bob  Brown  with  your  ideas  at 
bbrown@nww.com. 


teenager  holed  up  in  his  bed¬ 
room  is  sending  out  bulk  e-mail, 
unbeknown  to  his  parents.11!  usu¬ 
ally  ask  if  there’s  a  young  male  in 
the  house,”  Rush  says. 

A  short  conversation  with  a 
suspected  abuser  often  reveals 
whether  spamming  was  inten¬ 
tional.  If  it  appears  the  user’s  PC 
is  infected  with  a  zombie,  Rush 
will  offer  instructions  for  clean¬ 
ing  up  the  computer.  If  the  cus¬ 
tomer  becomes  defensive  or 
abusive,  that’s  usually  a  sign  of  a 
spammer.  While  sending  spam  is 
not  against  the  law  in  most 
cases,  it  does  violate  EarthLink’s 


Down  to  EarthLink 

With  5,3  million 

users,  EarthLink  is  the 
third-largest  ISP  in 
the  U.S. 


use  policy;  not  only  can  Rush  ter¬ 
minate  the  account  of  a  spam¬ 
mer,  but  he  can  also  charge  a 
$200  cleanup  fee. 

Yet  canceling  a  spammer’s 
account  doesn’t  always  solve 
the  the  problem.  Serial  spam¬ 
mers  who  have  been  kicked  off 
the  EarthLink  network  once 
will  often  jump  back  on,  creat¬ 
ing  as  many  as  four  or  five 
fraudulent  accounts  per  day 
using  stolen  credit  cards. This 
elevates  the  abuse  from  nui¬ 
sance  to  fraud,  which  is  a  fed¬ 
eral  offense. 

While  Rush  can’t  always  pin¬ 
point  abusers, because  they’re 
operating  with  phony  account 
information,  he  often  follows 
their  tracks  by  analyzing  behav¬ 
ior  patterns.  One  notorious 
spammer,  whom  EarthLink 
helped  put  behind  bars,  repeat¬ 
edly  used  the  names  of  sports 
such  as  baseball  and  football  as 
his  password. 

Then  there  are  the  hard-core 
abusers,  such  as  those  sending 
child  pornography  In  these 
cases  Rush  doesn’t  even  bother 
attempting  to  reach  the  cus¬ 
tomers  before  shutting  down 
their  accounts;  he  just  takes  his 
orders  from  federal  authorities 
such  as  the  FBI  or  Secret 
Service. 

One  group  of  computer  crimi¬ 
nals  Rush  doesn’t  deal  with  is 
phishers.These  scammers  who 
steal  personal  and  financial 
information  by  creating  fraudu¬ 
lent  e-mail  luring  unsuspecting 
recipients  to  a  bogus  Web  site 
have  become  so  prevalent  that 


EarthLink  created  a  new  depart¬ 
ment  to  deal  with  them. 

Among  the  more  colorful 
abusers  are  those  engaged  in 
electronic  spats.The  abuse  de¬ 
partment  will  receive  a  com¬ 
plaint,  from  one  of  its  own  cus¬ 
tomers  or  from  outside  the  net¬ 
work,  claiming  an  EarthLink  user 
is  sending  harassing  email.  Earth- 
Link  has  a  procedure  for  dealing 
with  harassment  —  Rush  informs 
recipients  that  they  must  first 
respond  to  the  harassers  asking 
them  politely  to  stop  all  contact 
before  the  abuse  team  can  get 
involved. 

Often  Rush  discovers  that 
both  the  abuser  and  the 
accuser  are  engaging  in  harass¬ 
ment. “They’re  using  every  way 
shape  and  form  [of  communi¬ 
cation]  to  harass  each  other,”  he 
says. The  abuse  team  stops 
short  of  offering  counseling, 
however;  instead  Rush  will 
warn  and  fine  repeat  offenders. 
In  these  harassment  cases  Rush 
also  has  the  authority  to  termi¬ 
nate  an  account,  though  he 
says  he  rarely  does. 

EarthLink  enforces  this  harass¬ 
ment  policy  with  all  of  its  users, 
even  a  judge  who  complained 
that  a  man  with  a  criminal 
record  who  landed  in  his  court¬ 
room  was  sending  malicious 
e-mail. The  harasser  was  com¬ 
plaining  to  the  judge  about 
such  minutia  as  the  fringe  on 
the  American  flag  hanging  in 
his  courtroom. 

Even  though  the  judge  for¬ 
warded  the  e-mails  to  EarthLink 
and  described  the  history  of 
the  conflict,  Rush  told  the  judge 
to  respond  to  the  e-mail  with  a 
polite  request  that  the  harass¬ 
ment  stop  before  having  the  ISP 
step  in. 

Rush  doesn’t  spend  every  day 
investigating  spammers’  patterns 
or  confronting  criminais.He  says 
98%  of  his  job  is  doing  mundane 
work  such  as  going  through 
incoming  complaints  and  com¬ 
puter  logs  of  usage.  (He  only 
reads  the  content  of  an  e-mail  in 
extreme  cases,  he  says.) 

However,  it’s  all  worth  it  for 
those  few  times  “when  you  know 
you’ve  caught  the  bad  guys,"  he 
says.“I  didn’t  take  the  job  just  to 
read  e-mail  headers.” 

While  he  believes  his  job  is 
important,  Rush  doesn’t  take  the 
role  of  Internet  cop  too  ser¬ 
iously.  But  he  admits  with  a 
chuckle  that  his  favorite  com¬ 
puter  game  at  the  moment  is 
called  City  of  Heroes.  ■ 


Get  more  information  online. 
DocFinder:  3749 
www.nvfiision.com 


NetworkWorld 


9/13/04 


News 


www.nwfusion.com  | 


Demomobile 

continued  from  page  1 

the  fear/  says  Paul  Fulton,  president  and  CEO  of  Orative,  a 
start-up  with  software  that  sorts  and  manages  cell  phone 
calls  and  messages  for  corporate  users.” 

For  all  the  vendors,  the  hard  work  is  ahead:  turning  pro¬ 
totypes,  beta  code,  ideas,  ambitions  and  dreams  into  viable 
products  that  people  will  buy 

Here’s  a  closer  look  at  four  of  the  dozen  or  so  enterprise 
network-focused  innovations  highlighted  at  the  show: 

Orative 

Cell  phones  have 
become  one  of  the  most 
critical  tools  for  em¬ 
ployees  not  only  in  the 
field  but  also  in  the 
office,  Fulton  says.  Yet 
cell  phones  today  lack 
the  management  and 
control  features  found  in 
corporate  PBXs  and 
e-mail  systems,  he  says. 

“You  get  a  lot  of  voice 
mails  on  your  cell 
phone,”  Fulton  says.  “But 
you  have  to  call  in  and 
listen  to  every  message, 
write  down  numbers 
and  names,  and  sift  the 
solicitations  from  the  important  business  calls.” 

By  contrast,  Orative  s  client/server  software  creates  a  list 
of  your  calls,  visible  on  the  phone’s  screen. You  can  see 
which  ones  are  important  and  call  back  with  the  press  of 
a  button,  or  press  another  button  to  send  an  alert  that 
you’ve  seen  the  message  and  will  call  back  in  a  given 
number  of  minutes. 

The  software  has  a  server  component  that  runs  on  Linux, 
with  a  set  of  Web  screens  for  setup  by  administrators  and 
for  setting  preferences  by  users.You  can  buy  a  version  that 
links  with  Microsoft  Exchange  Server  or  Lotus  Domino  to 
access  calendar,  contacts  and  directories. There  is  a  Light¬ 
weight  Directory  Access  Protocol  interface  to  link  with 
Microsoft  Active  Directory 

After  a  user  account  has  been  created,  the  user  from  a 
Web  browser  logs  on  to  the  Orative  server,  which  then  dials 
the  handset.  Once  connected,  it  downloads  —  over  any 
cellular  network  —  the  small  client  application,  which  is 
based  on  Qualcomm’s  Brew  mobile  software.  After  that,  the 
software  tracks  and  displays  all  your  cell  phone  calls. 

Beta  testing  is  set  to  start  later  this  fall,  with  availability 
expected  for  early  next  year.  Pricing  has  not  been  deter¬ 
mined  but  Orative  executives  say  it  will  be  “in  line  with 
messaging  options”  offered  by  carriers. 

Routel 

Start-up  Routel  says  it  had  to  create  its  own  client 
devices  to  get  its  software  to  work.The  company  will  soon 
offer  through  contract  manufacturers  a  trio  of  handheld 
devices  in  different  styles  without  memory  or  disk  storage. 

Using  Route  1’s  software  and  a  wireless  LAN  (WLAN)  or 
celluiar  link,  the  devices  act  as  the  keyboard  and  display  of 
the  PC  at  your  desktop. 

The  Mobi.at  $500,  is  a  Windows  CE-based  clamshell-style 
PDA,  with  a  full  keyboard;  the  Mobi  Executive  mimics  the 
size  and  style  of  a  laptop;  the  Mobi  Fleet,  about  the  same 

ize  as  the  Executive,  has  a  ruggedized  design  and  can  be 
mounted  in  vehicles. The  latter  two  devices  run  Windows 
XP  and  will  cost  $1,500  apiece. 

The  handhelds  include  an  802. 1  lb  WLAN  adapter  and  a 
choice  of  Code  Division  Multiple  Access  or  General  Packet 
Radio  Service/GSM  cellular  interface.  They  automatically 
connect  first  to  a  Routel  server  for  registration  and  then  to 


the  network  through  a  corporate  firewall. The  server  works 
with  an  agent  on  the  PC  to  set  up  a  peer-to-peer  connec¬ 
tion  between  the  two  devices.  After  that,  it’s  as  if  the  remote 
user  is  sitting  at  his  PC,  accessing  data  and  applications  on 
the  C  drive. 

Users  can  click  on  a  Microsoft  Word  document,  open  it 
and  work  on  it,  or  view  a  2M-byte  e-mail  attachment  with¬ 
out  having  to  download  it  from  the  network.  But  very  little 
data  passes  over  the  wireless  link. 

“What’s  very  clever  is  [that]  it’s  sending  a  graphical 
representation  to  the  Mobi  device  of  everything  that’s 
on  my  desktop  PC,” says  Barry  Richards,  a  wireless  mar¬ 
ket  analyst  with  Paradigm  Capital,  who’s  used  an  early 
version  of  a  Mobi  handheld  to  access  his  desktop  PC 
and  a  tablet  PC.  Interaction  with  the  PC  applications, 
even  over  low-bandwidth  cellular  links,  has  been 
quick  and  smooth,  he  says. 

According  to  Routel  CEO  Andrew  White,  customers 
would  buy  the  device  and  the  PC  agent,  and  use  their  exist¬ 
ing  cellular  carrier  or  a  WLAN.  No  other  software  is  needed. 

The  Mobi  devices  are  scheduled  to  ship  by  year-end. 

Adesso 

Adesso  unveiled  Version  2.5  of  its  Instant  Mobility  Plat¬ 
form,  a  set  of  programs,  tools  and  applications  for  deploy¬ 
ing  mobile  applications,  managing  the  application  data 
and  provisioning  end  users. 

The  centerpiece  of  the  new  release  is  SyncLink,  new 
code  that  lets  you  select  data  residing  in  existing  back-end 
databases;  deliver  it  to  Adesso  users;  and,  if  needed,  update 
those  databases. 

Using  SyncLink’s  graphical  screens,  a  developer  selects 
specific  database  tables  from  a  PeopleSoft  or  SAP  applica¬ 
tion,  selects  specific  fields  and  assigns  access  controls 
such  as  “read  only’ When  finished,  SyncLink  generates  its 
own  internal  tables  in  Adesso  formats. 

This  data  then  is  passed  down  to  Adesso  clients,  where 
end  users  can  work  with  it  in  their  applications.  When 
users  reconnect  and  start  to  synchronize  with  a  field  sales 
or  inventory  application,  SyncLink  tracks  all  the  changes, 
translates  data  into  the  appropriate  back-end  database  for¬ 
mats  and  makes  any  needed  updates. 

With  this  approach,  mobile  clients  don’t  have  to  connect 
directly  to  the  back-end  database,  which  requires  a  persis¬ 
tent  and  often  high-bandwidth  connection. 

The  Adesso  Instant  Mobility  Platform  ranges  from  $20  to 
$100  per  month  with  a  minimum  of  a  one-year  contract. 
The  price  is  based  on  the  business  process  framework  imp¬ 
lemented  such  as  Field  Sales  or  Field  Data  Collection. The 
offering  can  be  hosted  by  Adesso  or  at  the  customer  site. 

Xora 

Xora  demonstrated  Version  2.0  of  its  GP  TimeTrack  appli¬ 
cation,  a  program  that  monitors  time  and  location  data  for 
field  workers  with  smartphones. 

GP  TimeTrack  and  other  Xora  applications  run  on  the 
vendor’s  EnterpriseOne  middleware.  Xora  offers  a  hosted 
service  for  its  applications,  or  they  can  be  bought  via  a  tra¬ 
ditional  software  license. 


Routel 's  Mobi  Executive  mimics  a  laptop  or  tablet  PC.  The 
vendor's  software  lets  the  Executive's  keyboard  and  display 
work  via  a  wireless  link  with  the  hard  drive  on  a  user's 
office  PC. 


As  with  Adesso,  the  key  change  is  simpler  access  to  exist¬ 
ing  enterprise  data.  The  new  Data  Shuttle  server  program 
polls,  via  SQL  queries,  targeted  tables  and  fields  in  back¬ 
end  Open  Database  Connectivity  (ODBC)  databases.Then 
it  makes  a  Web  services  call  to  the  Xora  server,  which 
routes  subsets  of  data  to  the  appropriate  users’  phones.This 
two-way  process  can  be  triggered  by  an  event  such  as  a 
new  service  call. 

Xora  has  built  a  Data  Shuttle  specifically  for  Intuit’s 
MasterBuilder  software  and  will  build  others. Users  can  use 
the  Xora  tool  set  to  create  their  own  shuttles  to  any  ODBC 
database. 

Also  new  is  a  feature  called  Smart  Job  Zones,  which  is 
software  that  uses  the  location  data  in  a  GPS-equipped 
smartphone  to  trigger  time-tracking  for  a  job  when  the  user 
moves  into  a  certain  location. 

The  features  of  Version  2.0  are  scheduled  to  be  intro¬ 
duced  via  Xora’s  wire¬ 
less  carrier  channel  in 
October,  as  well  as  via 
the  vendor’s  hosted 
service.  The  base  ser¬ 
vice  is  $12  per  month 
per  user,  with  a  $25 
one-time  setup  fee  per 
phone.  Data  Shuttle 
and  other  new  fea¬ 
tures  will  be  available 
as  an  additional  ser¬ 
vice,  priced  at  $4  per 
user.  ■ 


Microsoft 

continued  from  page  8 

Computing  protocol  for  remote  access  and  the  require¬ 
ment  to  run  Microsoft’s  Internet  Information  Server  to  sup¬ 
port  Web-based  access  to  Virtual  Server. 

“Both  are  prohibited  on  our  network,”  Sellers  says.  “I’d 
rather  have  a  console  for  Virtual  Server  and  forgo  the  Web- 
based  management. That  would  eliminate  one  big  hurdle 
for  us.” 

Virtual  Server  also  requires  Win  2003,  while  competitors 
such  as  VMWare’s  GSX  and  SW-Soft  Virtuozzo  provide  a 
Win  2000  or  Linux  option  for  the  host  operating  system. 
VMWare’s  ESX  bypasses  the  host  operating  system  alto¬ 
gether  with  a  technology  called  Hypervisor,  an  optimized 
operating  system  or  microkernel,  built  into  the  virtualiza¬ 
tion  platform.  ESX  also  supports  virtual  machines  across 
multi-processors,  while  GSX  and  Virtual  Server  support 
only  single-processor  deployment. 

“If  you  are  serious  about  doing  virtualization  as  an  IT 
strategy,  the  microkernel-based  approach  is  really  the  best 
approach  because  you  don’t  have  a  big  fat  host  [operating 
system]  as  a  security  attack  target,”  says  Michael  Mullany, 
vice  president  of  VM Ware. 

Microsoft  officials  don’t  dispute  the  performance 
improvements  with  Hypervisor  but  say  Windows  Server 
2003  as  the  host  operating  system  provides  a  consistent 
driver  model  so  users  don’t  have  to  worry  about  device 
compatibility 

It  fits  into  Microsoft’s  overall  strategy  for  virtualization, 
experts  say 

“The  Microsoft  strategy  is  a  migration  strategy  while 
VMWare  is  a  consolidation  strategy  says  Dan  Kusnetzkyan 
analyst  with  IDC.“Microsoft  is  focusing  on  how  do  we  offer 
a  Microsoft-centric  virtualized  environment  that  allows 
multiple  Microsoft  stacks  of  software  to  run  on  the  same 
machine  either  for  consolidation,  legacy  applications  or 
separation  of  workloads.  Other  operating  environments 
are  secondary.  Microsoft’s  view  is  that  this  technology  is 
largely  a  way  to  help  people  who  are  on  older  versions  of 
software  move  to  the  newer  ones.”  ■ 
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Vortex  1 2004 

SETTING  THE  IT  AGENDA 

VORTEX  2004:  SETTING  THE  IT  AGENDA  is  an  interactive  experience  showcasing  a  diversity  of  informed 
opinion  and  fresh  insights  on  the  future  of  the  nearly  $1  trillion  enterprise  IT  market.  VORTEX  is  an  immersive 
dialogue  among  chief  executives,  chief  information  officers,  leading  analysts  and  investors  on  issues  including: 

■  What  shape  will  the  post-client/server  IT  world  take? 

*  How  are  leading  vendors  like  IBM,  Microsoft,  Oracle,  SAP,  EMC,  HP,  Cisco,  and  others  positioning 
themselves  for  market  dominance  and  what  opportunities  are  created  for  innovators? 

■  Are  vendors  and  IT  executives  in  sync  on  key  issues  and  directions? 

■  How  can  early  adopters  create  competitive  advantage? 

Through  a  series  of  frank  one-on-one  interviews,  engaging  Q&A’s  and  spirited  panel  discussions,  John  Gallant  and 
Geoffrey  Moore  will  analyze  diverging  vendor  strategies  and  compare  their  visions  with  the  current  needs  of  IT. 
All  to  help  you  determine  what  you  need  to  design  and  buy  for  your  enterprise  to  prosper. 


For  more  information  and  to  register,  visit  www.vortex.net/V4A4S  or  call  800-643-4668 


SOME  OF  THE  SPEAKERS  YOU'LL  HEAR  FROM  AT  VORTEX  2004  INCLUDE: 


Shai  Agassi  Member  of  the  Executive  Board,  SAP  AG  ■  Dr.  Francine  Berman  Director,  San  Diego  Supercomputer  Center  ■  Jeffrey  Blumenfeid  Partner,  Antitrust 
and  Intellectual  Property,  Crowell  &  Moring  LLP  ■  Howard  Elias  EVP,  Corporate  Marketing  &  Office  of  Technology,  EMC  Corporation  ■  John  Gantz  SVP  &  Chief 
Research  Officer,  IDC  ■  Umang  Gupta  I  Chairman  &  CEO,  Keynote  Systems  ■  John  Hagel  Management  Consultant  &  Author  ■  Donald  A.  Haile  CIO,  Fidelity 
Investments  Systems  Company  ■  Steve  R.  Hanna  Information  Officer,  Global  Sales,  Services  &  Marketing,  GM  IS  &  S,  General  Motors  •  Sam  Jadaiiah  General 
Partner,  Mohr  Davidow  Ventures  ■  Mitchell  Kertzman  Partner,  Hummer  Winblad  Venture  Partners  ■  David  Kirkpatrick  Senior  Editor,  Internet  &  Technology,  Fortune 
Magazine  •  Scott  Kriens  Chairman  &  CEO,  Juniper  Networks  ■  John  Landry  Chairman  &  CTO,  Adesso  Systems,  Inc  ■  Dan'!  Lewin  Corporate  Vice  President, 
Business  Development,  DPE  Division,  Microsoft  Corporation  •  Christopher  Lynch  President  &  CEO,  Acopia  Networks  ■  Marten  Mickos  CEO,  MySQL  AB  ■ 
L.  David  Passmore  Research  Director,  Network  and  Telecom  Strategies,  The  Burton  Group  ■  Charles  E.  Phillips,  Jr.  President  &  Member  of  the  Board,  Oracle 
Corporation  •  Ron  Ponder  Executive  VP  &  CIO,  WellPoint  ■  Shane  V.  Robison  EVP,  Chief  Strategy  &  Technology  Officer,  Hewlett-Packard  ■  Joe  Schoendorf 
Partner,  Accel  Partners  ■  Jonathan  Schwartz  President  &  COO,  Sun  Microsystems  ■  Stratton  Sdavos  Chairman  &  CEO,  VeriSign  ■  Steven  Silberstein  Managing 
Director,  Lehman  Brothers  •  Peter  Solvik  Managing  Director,  Sigma  Partners  ■  Mike  Volpi  SVP  &  General  Manager,  Routing  Technology  Group,  Cisco  Systems, 
Inc.  ■  Irving  Wladawsky-Berger  VP,  Technology  &  Strategy,  IBM  Corporation 


PLATINUM  SPONSORS 


GOLD  SPONSORS 


WI-FI  SERVICE  PROVIDER 


PR  PARTNER 


Cisco  Systems 

EMC2  Northern  ©motive 


where  information  live 


Ireland 

NORTEL  _  T  7 

NETWORKS  QUALCO/WW  VirtUS^ 


BUSINESS  WITHOUT  BOUNDARIES 


FiBerlink  ^IJuniper 

\  NETWORKS  I 

Qwest.  —  VeriSign5 

Spirit  of  Service”  LJ 


ARyBA  A  &  R  PARTNERS 


WIRELESS  NETWORKS 


POUTER 


NOVELLI 


Network  World  Events  and  Executive  Forums  reserves  the  right  to  determine  the 
audience  profile 


Hi  NetworkWorld 


m— 


9/13/04 


BackSpin 


Mark  Gibbs 


SP2  confounds  the  world 


oof  Department:  Regarding  last 
week’s  column  on  The  SCO 
Group  (see  www.nwfusion. 
com,  DocFinder:  3751)  and  my 
digression  into  O.J. Simpsons  trials, 
reader  Harold  Burstyn,an  attorney, 
wrote  in  to  point  out  that  “neither 
was  a  ‘federal  case.’  Both  the  criminal 
trial  for  murder  and  the  civil  trial  for  wrongful  death 
were  in  California  courts.”  I  am  guilty  as  charged, 
m’lud.But  I  did  point  out  that  I  am  not  a  lawyer,  and 
neither  is  my  editor. 

Anyway  the  other  day  I  fired  up  my  desktop 
machine  and  Microsoft’s  mega  update,  Service  Pack 
2,  was  ready  to  install.  Whirr,  whirr,  clunk,  clunk, 
reboot ...  it  was  done. 

While  I  didn’t  experience  the  horror  of  my 
machine  not  firing  up  properly  as  has  been  the  sad 
fate  of  some  people,  the  number  of  applications  that 
are  broken  by  this  patch  are  amazing. 

It  busted  one  utility  that  1  particularly  like  called 
Infotriever  from  Infotriever,Inc.I  first  stumbled  across 
this  tool  when  1  booked  the  flights  for  my  forthcom¬ 
ing  Network  World  Technology  Tour, “Strategy  & 
Management  for  Messaging  &  Spam.” 

(Shameless  Plug  Department:  The  Spam  Tour,  as  it 
is  affectionately  called,  will  be  in  Atlanta  on  Sept.  21, 
New  York  on  Sept.  23,  Dallas  on  Sept.  28  and  Denver 


on  Sept.  30.  See  DocFinder:  3752  for  details.) 

Anyway  the  travel  service  that  Network  World  uses 
provides  a  link  to  a  Web  page  that  lists  your  flights 
and  so  on.  On  that  page  is  an  icon  and  the  words 
‘Add  to  your  calendar!’  If  you  haven’t  already  done 
so,  the  Infotriever  application  is  downloaded  and  the 
travel  items  are  added  to  your  personal  information 
manager  (that  includes  Microsoft  Outlook,  Lotus 
Notes  and  Best  Software’s  Act!). 

While  writing  about  Infotriever  in  my  Network 
World  Web  newsletter,  1  uninstalled  Infotriever. 

(Another  shameless  plug:  Go  to  DocFinder:  3753 
and  sign  up  for  my  Web  Applications  newsletter. 
And  check  out  the  archives  at  DocFinder:  3754.) 

Uninstalling  Infotriever  turned  out  to  be  a  big 
mistake  because  when  I  tried  to  reinstall  it,  it 
failed.  Worse,  it  failed  mysteriously  with  strange  tiny 
and  empty  Internet  Explorer  windows  popping  up 
and  vanishing  followed  by  messages  that  didn’t 
help. 

As  it  turns  out,  the  problem  stemmed  from  the 
newfound  aggressive  security  features  in  SP2.The 
answer  is  simple  enough  —  click  on  the  small  and 
unobtrusive  new  status  bar  in  Internet  Explorer  at. 
the  top  of  the  browser  display  area,  just  below  the 
tool  bars,  and  click  on  the  button  to  allow  the 
ActiveX  control  to  install. 

(Idle  Question  Department:  Why  does  Microsoft 


www.nwfusion.com 


keep  adding  to  the  Windows  user  interface?  Tooltips, 
bubble  pop-ups  from  the  start  menu,  the  system  tray 
and  on  and  on,  and  now  the  security  status  bar  in 
Internet  Explorer.  Over  the  last  few  years  the  inven¬ 
tory  of  user  interface  fripperies  has  grown  to  the 
point  where,  unless  you  have  a  screen  up  in  the 
1 ,024-by-960-pixel  range,  there’s  more  user  interface 
gunk  than  usable  space!) 

While  my  problem  was  trivial,  things  are  tough  for 
all  the  vendors  out  there  whose  software  is  broken 
by  Microsoft’s  improvements.They  are  being  del¬ 
uged  with  support  calls  as  to  why  their  software  isn’t 
working. 

Now  should  SP2  automatically  enable  such  restric¬ 
tions  without  educating  the  user?  Should  it  use  such 
a  low-key  way  to  inform  the  user  of  what  is  going  on 
when  there  is  a  problem? 

How  difficult  would  it  have  been  for  SP2  to  make 
sure  the  user  is  aware  of  what  is  going  on  when  it  is 
installed,  let  him  select  the  level  of  security  he 
wants’,  and  provide  him  with  choices  for  the  degree 
to  which  the  new  notifications  will  be  “in  your  face”? 

While  we  should  applaud  Microsoft  for  doing 
something  positive  about  security  I  find  it  depressing 
that  the  richest  software  company  in  the  world  can’t 
get  the  usability  issues  sorted  out. 

Interface  with  backspin@gibbs.com. 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 


Are  4%  of  your  co-workers  morons? 

When  St.  Louis  investment  house 
Edward  Jones  &  Co.  summarily  fired  19 
employees  for  “Internet  abuse,”  this  columnist  was  quick  to  condemn  the  dis¬ 
missals  as  excessive. 

“We’re  talking  about  19  fellow  human  beings  with  spouses,  children,  mortgages, 
dreams  and  now,  thanks  to  the  petty  tyrants  who  run  Edward  Jones,  shredded 
careers  in  the  financial  services  industry.”That's  what  I  wrote  at  the  time,  and  1 
recall  taking  a  measure  of  satisfaction  from  the  “petty  tyrants”  crack,  too. 

But  that  was  five  years  ago.  In  the  summer  of  1999,  such  firings  were  so  rare  as 
to  garner  headlines  and,  in  the  judgment  of  at  least  some  observers,  so  draconian 
as  to  warrant  ridicule. 

Today  neither  is  the  case.  As  American  workers  return  from  their  summer 
vacations  of  2004,  no  one  can  claim  ignorance  of  the  fact  that  using  company 
computers  to  send  smutty  e-mail  or  visit  naughty  Web  sites  can  get  you  canned 
faster  than  telling  off  the  boss.  Reasonable  people  still  can  have  a  discussion 
about  whether  zero  tolerance  makes  sense  and  whether  unemployment  is  a  fit¬ 
ting  punishment  for  a  first  offense,  but  there  is  no  longer  any  debate  over  the 
central  issue:  You  just  can’t  do  this  kind  of  thing  at  work  —  period  —  and  only  a 
moron  would  take  the  risk. 

Trouble  is  we  have  no  shortage  of  morons. 

Four  percent  of  workers  say  they  regularly  flout  their  workplace  Internet  abuse 
policies  —  not  to  mention  common  sense  —  according  to  a  recent  survey  con¬ 
ducted  at  the  behest  of  Web  and  e-mail  filtering  vendor  SurfControl.The  survey 
covered  350  companies  in  the  U.S.,  U.K.  and  Australia. 

Now  4%  might  not  sound  like  a  particularly  large  number  of  morons,  but  con¬ 
sider  this:  It  likely  understates  the  problem,  because  some  number  of  those  sur¬ 
veyed  must  have  been  unwilling  to  confess,  and  the  4%  who  did  were  copping  to 


indulging  in  recklessly  illicit  behavior  every  . . .  single  . . .  workday.  (About  one- 
third  of  respondents  say  they’ve  done  so  at  some  point.) 

And  that  4%  knot  of  daily  deviants  might  help  explain  another  of  this  study's 
findings:  About  half  of  all  the  workers  surveyed  reported  having  “been  exposed  to 
sexually  explicit  material  by  co-workers  who  had  downloaded  it  from  the  Web.” 
One  need  not  be  a  lawyer  or  human  resources  professional  to  understand  the 
sexual  harassment  liabilities  created  when  half  your  employees  are  getting 
pornography  foisted  upon  them  by  co-workers.  Just  make  sure  to  have  someone 
in  accounts  payable  on  call  to  start  writing  settlement  checks. 

It’s  difficult  to  believe  that  this  is  the  state  of  things  five  full  years  after  employ¬ 
ers  began  cracking  down.  However,  there  are  signs  of  progress. 

According  to  a  survey  by  MessageLabs,  the  number  of  e-mail  attachments  con¬ 
taining  material  inappropriate  for  the  workplace  —  smut,  cartoons,  jokes,  greet¬ 
ing  cards,  etc.  —  decreased  to  one  in  every  4,756  (0.02%)  during  the  six-month 
period  ending  in  August.That's  down  from  one  in  every  1,357  (0.07%)  for  the  same 
period  last  year. 

“While  we  cannot  say  for  certain  what  has  caused  this  drop,  one  possible 
explanation  is  growing  enforcement  of  corporate  governance  requirements,"  says 
MessageLabs  CTO  Mark  Sunner.  “We  are  now  seeing  a  number  of  organizations 
using  e-mail  management  solutions  to  help  ensure  compliance  and  reduce  risk. 
The  effect  of  this  could  be  one  of  the  reasons  why  fewer  inappropriate  images 
are  being  sent  via  e-mail." 

Need  I  mention  that  MessageLabs  sells  such  e-mail  management  services? 

And,  of  course,  your  mileage  may  vary  in  terms  of  noticing  this  decrease,  as  mine 
most  assuredly  does. 

Nevertheless,  it's  pretty  clear  that  at  least  some  of  the  morons  among  us  finally 
are  snapping  to  their  senses. . . .  Either  that  or  enough  of  them  have  been  fired. 

While  on  the  list,  moron  isn  1  close  to  the  worst  I've  been  called  here.  The  address 
is  buzz@nww.com. 
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Introducing  the  new  WatchGuard  Firebox®  X  Edge.  A  tough  firewall  and  VPN  endpoint  for  real  protection  at  your  vulnerable 
perimeter.  Connect  it  to  any  Firebox  X  appliance  and  get  real-time  central  management  and  monitoring  at  no  additional 
charge.  It’s  smart.  It’s  model-upgradeable.  It’s  the  security  you  really  need.  For  more  information  and  availability,  visit 
www.watchguard.com/info/9nwl3 
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Defending  the  Remote  Office: 
Which  VPN  Technology  is  Best? 

FREE  Small-  to  Mid-Sized  Business  Guide 
Download  now!  www.watchguard.com/go/9nwl3 
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